System Management Configuration Requirements

On this page

1. System hardening

1.1 Deploy standard operating environment baselines that make use of operating system and applications with the latest releases of supported, up-to-date and tested versions of software to ensure a consistent and secure baseline for endpoints and servers. Such baselines include the Windows 10 Baseline Configuration.

2. System administration

2.1 Implement a system administration process and procedures, and make use of administrative infrastructure services that are hardened and that protect administrative activities and privileged tasks.

2.2 Maintain a software registry, including versions and patch histories of applications, drivers, operating systems and firmware for IT assets such as endpoints, servers, network devices and all other IT equipment, and ensure that it is regularly audited.

3. System patching

3.1 Update or replace (with vendor-supported versions) applications and operating systems for endpoints, servers and other IT technology equipment that are no longer supported by vendors with patches or updates for security vulnerabilities.

3.2 Implement a timely patch management policy and procedures for operating systems and third-party applications to support the active management of vulnerabilities, in alignment with GC Patch Management Guidance.

4. Data backup and restoration

4.1 Back up systems that contain essential business information and ensure that recovery mechanisms effectively and efficiently restore these systems from backups.

4.2 Securely store backups in an encrypted state, and restrict access to them to only those who must access them for testing or restoration activities.

Page details

Date modified: