Do not allow COM port redirection in RDP is the name of a security setting stated in Windows servers CIS benchmarks/STIGs. A COM port is an I/O interface that enables the connection of a serial device to a computer. In some cases COM ports are called “serial ports”. Most computers are not equipped with COM ports anymore but there are many serial port devices still used in computer networks.

In 2014 and with extensive community involvement NIST Cybersecurity Framework was created for private sector organizations in the United States. It is also aligned with other NIST standards and guidelines, such as NIST 800-53 and FedRAMP. NIST Cybersecurity Framework (CSF or Framework) is intended to be a living document that is refined and improved over time and was updated in 2018 and called CSF 1.1. We will be discussing NIST CSF 2.0.

The National Institute of Standards and Technology (NIST) is on a mission to maintain measurement standards, technology advancements, and industrial competitiveness in the United States. This article provides guidance and a set of working assumptions that help guide and inform the control selection process. It also provides guidance on the development of overlays to facilitate control baseline customization for specific communities of interest, technologies, and environments of operations.

Server hardening is basic requirement for achieving security and compliance. Server hardening helps prevent unauthorized access, unauthorized use, and disruptions in service. It is an essential part of the installation and maintenance of servers that ensure data integrity, confidentiality, and is part of most compliance frameworks and industry standards.

The cybersecurity landscape is witnessing a phenomenon that has come to be known as the “Great Resignation” among Chief Information Security Officers (CISOs). The challenges faced by CISOs in coping with ever-increasing regulations, compliance mandates, and the need for skilled resources have reached a tipping point. Coupled with a lack of cooperation from the C-suite, these factors have led to a surge in burnout among CISOs.

The Center for Internet Security (CIS) team continuously release updates about cybersecurity best practices for new technologies. As of March 2023 all CIS Windows Server and Windows Workstation Benchmarks will be updated once a year to align with Microsoft’s update schedule. Major version updates that CIS will release (i.e., updating from v1.12.0 to v2.0.0) will account for significant changes in the operating system.

CIS Critical Security Control, known now as CIS Controls have recently been updated and revised in the CIS Controls v8 released by the Center for Internet Security (CIS). The CIS Controls are a collection of industry-recognized best practices for businesses dealing with data security risks. Such measures were created to make things easier and keep the IT operations and security teams attention on crucial tasks. In v8, CIS changes a little the perspective around baseline security and system hardening.

The CIS Critical Security Controls (CIS Controls) created by the Center for Internet Security (CIS) offer a set of best practices and recommendations that address key areas of system security, such as secure configurations, access controls, and vulnerability management. By following the CIS Controls, organizations can systematically strengthen their systems, reduce the attack surface, and mitigate common security risks.

Transport Layer Security 1.0 (TLS 1.0) is a cryptographic protocol designed to provide secure communication between web browsers and servers. It is used in almost every app nowadays. Many IP-based protocols such as HTTPS, SMTP, POP3, and FTP support TLS. Disable TLS 1.0 is a critical task for security and compliance.