PW.9.1—Define a secure baseline by determining how to configure each setting that has an effect on security or a security-related setting so that the default settings are secure and do not weaken the security functions provided by the platform, network infrastructure, or services.
PW.9
>Control Description
Define a secure baseline by determining how to configure each setting that has an effect on security or a security-related setting so that the default settings are secure and do not weaken the security functions provided by the platform, network infrastructure, or services.
>Practice: PW.9
Configure Software to Have Secure Settings by Default
Help improve the security of the software at the time of installation to reduce the likelihood of the software being deployed with weak security settings, putting it at greater risk of compromise.
>Notional Implementation Examples
- 1.Conduct testing to ensure that the settings, including the default settings, are working as expected and are not inadvertently causing any security weaknesses, operational issues, or other problems.
>Cross-Framework References
Mappings to related frameworks and standards from NIST SP 800-218
BSA FSS
CF.1
BSIMM
SE2.2
EO 14028
4e(iv)
4e(ix)
IDA SOAR
23
IEC 62443
SD-4
SVV-1
SG-1
ISO 27034
7.3.5
SAFECode Agile
Tasks Requiring the Help of Security Experts 12
SAFECode SIC
Vendor Software Delivery Integrity Controls
Vendor Software Development Integrity Controls
SP 800-181 (NICE)
SP-DEV-002
K0009
K0039
K0073
K0153
K0165
K0275
K0531
+1 more
Ask AI
Configure your API key to use AI features.