Hardening

Hardening reduces a system's attack surface: disabling services it does not need, removing or locking default accounts, applying security patches, tightening file permissions, and setting configuration options to an established baseline. A freshly installed operating system ships with many features enabled that most organizations never use, and each one is a potential entry point.

The Center for Internet Security publishes CIS Benchmarks with specific, checkable configuration recommendations for Windows, Linux, databases, web servers, and cloud services. DISA Security Technical Implementation Guides (STIGs) serve the same purpose for US Department of Defense systems.
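As an added example (not code from this page, from CIS, or from DISA), the following Python turns a few hardening recommendations of the kind a benchmark states in prose into an audit that can be run against configuration files: it checks an sshd_config excerpt against a small baseline, flags default and dangerous accounts in passwd/shadow excerpts, and checks a file's permission bits against a maximum mode. The baseline values, the list of unwanted accounts, and the sample files are assumptions constructed for illustration; the current benchmark is the authority for the real values.

```python
"""Baseline audit of sshd_config, passwd/shadow, and file modes.
Added example with constructed inputs; values are illustrative, not CIS text."""
import os
import re
import stat
import tempfile

# Directive -> expected value. Assumed values in the spirit of CIS SSH
# recommendations; consult the current benchmark for the authoritative list.
SSHD_BASELINE = {
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "4",
    "ignorerhosts": "yes",
}

# Accounts that a hardened host should not carry. Assumed list for illustration.
DEFAULT_ACCOUNTS = {"games", "ftp", "guest"}

# Constructed sample inputs (not from a real host).
SAMPLE_SSHD_CONFIG = """
Port 22
PermitRootLogin yes
MaxAuthTries 6
X11Forwarding no
PermitEmptyPasswords no
PermitRootLogin no      # sshd keeps the FIRST occurrence, so this is ignored
"""
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
"""
SAMPLE_SHADOW = """root:$6$saltsalt$hashhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
games:*:19000:0:99999:7:::
toor:$6$saltsalt$hashhash:19000:0:99999:7:::
deploy::19000:0:99999:7:::
"""


def parse_sshd_config(text):
    """Return {directive: value} (lower-cased). sshd honours the first occurrence
    of a directive, so later duplicates are ignored. Match blocks are not modelled."""
    effective = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # strip comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        if len(parts) == 2:
            effective.setdefault(parts[0].lower(), parts[1].strip().lower())
    return effective


def audit_sshd(text, baseline=SSHD_BASELINE):
    """Return (directive, expected, actual) for every deviation. An absent
    directive is a finding too: a hardened config sets values explicitly
    rather than relying on the binary's compiled-in default."""
    effective = parse_sshd_config(text)
    return [(d, want, effective.get(d))
            for d, want in baseline.items() if effective.get(d) != want]


def audit_accounts(passwd_text, shadow_text, unwanted=DEFAULT_ACCOUNTS):
    """Flag unwanted default accounts, extra UID 0 accounts, and accounts
    with an empty password hash that still have an interactive shell."""
    hashes = {}
    for line in shadow_text.splitlines():
        if line.strip():
            name, pw_hash = line.split(":", 2)[:2]
            hashes[name] = pw_hash
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        name, _, uid, _, _, _, shell = line.split(":")
        if name in unwanted:
            findings.append((name, "default account still present"))
        if uid == "0" and name != "root":
            findings.append((name, "extra UID 0 account"))
        if hashes.get(name, "") == "" and not shell.endswith(("nologin", "false")):
            findings.append((name, "empty password with a login shell"))
    return findings


def audit_mode(path, max_mode):
    """True if the file's permission bits are no more permissive than max_mode
    (e.g. 0o600 for /etc/shadow)."""
    return stat.S_IMODE(os.stat(path).st_mode) & ~max_mode == 0


def mode_check_demo(mode, max_mode):
    """Create a temp file with `mode`, audit it against `max_mode`, clean up."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, mode)
        return audit_mode(path, max_mode)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for d, want, got in audit_sshd(SAMPLE_SSHD_CONFIG):
        print(f"sshd_config: {d} should be {want!r}, found {got!r}")
    for name, why in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"account {name}: {why}")
    print("0644 file within 0600 limit?", mode_check_demo(0o644, 0o600))
```

Run against the constructed samples, the audit reports PermitRootLogin and MaxAuthTries as deviating, IgnoreRhosts as unset, the `games` default account, a second UID 0 account, and an empty-password account with a shell. The same functions can be pointed at real `/etc/ssh/sshd_config`, `/etc/passwd` and `/etc/shadow` (the latter needs root) to produce a configuration-audit report of the kind change management expects after a baseline is applied.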

CISSP Relevance

Hardening is addressed in Domain 3 (Security Architecture and Engineering) and Domain 7 (Security Operations). CISSP candidates must understand hardening as both a design principle and operational practice, including how hardened configurations are maintained through change management and configuration auditing.

External reference: CIS Benchmarks System Hardening Guides

Related terms: Security Baseline, Configuration Management