System Hardening¶
Status: Planned
Standards: CIS Benchmarks, DISA STIGs, NIST SP 800-123
Source: archer/hardening/ (not yet created)
The system hardening domain audits and remediates host configurations against published security baselines. Unlike penetration testing, the goal is configuration conformance — not exploitation.
Planned Plays¶
| Play | Description |
|---|---|
cis_benchmark_audit |
Score a host against CIS Benchmark controls |
stig_audit |
Evaluate DISA STIG compliance for Linux/Windows |
service_hardening |
Disable unnecessary services, restrict network exposure |
patch_assessment |
Identify missing patches and EOL software |
credential_policy |
Audit password policy, account lockout, and privilege assignments |