Hardening

System hardening is the process of reducing a system's attack surface by disabling unnecessary services, removing default credentials, applying security patches, enforcing secure configurations, and enabling logging. Hardening benchmarks published by CIS (Center for Internet Security) provide prescriptive, scored checklists for operating systems, databases, cloud services, and network devices.

Automated compliance scanning tools measure systems against hardening baselines continuously.