Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Hardening Guide

Training Camp • Cybersecurity Glossary

What is Hardening Guide?

Documented steps and configurations that reduce a system's attack surface, often based on CIS Benchmarks or DISA STIGs.

Glossary > Governance, Risk & Compliance > Hardening Guide

Understanding Hardening Guide

A Hardening Guide is a documented set of instructions, configurations, and best practices for securing a specific operating system, application, device, or service by reducing its attack surface and removing unnecessary risk. It provides systematic, repeatable steps so administrators can bring a system to a known secure baseline.

Hardening guides typically prescribe disabling unused services and ports, removing default accounts and changing default passwords, enforcing strong authentication and least privilege, applying patches, configuring encryption and logging, and setting secure values for individual configuration parameters. The most widely used guides come from authoritative sources such as the CIS Benchmarks, DISA Security Technical Implementation Guides (STIGs), vendor hardening documentation, and NIST guidance like SP 800-123. Many are paired with automated assessment tools that scan a system and report deviations from the baseline.

Hardening guides matter because default installations prioritize functionality over security and ship with open services, weak settings, and sample accounts that attackers routinely exploit. Following a recognized guide closes these gaps consistently across an estate, supports compliance frameworks that mandate secure baselines (PCI DSS, HIPAA, FedRAMP), and gives auditors a measurable standard. Without one, each system is configured ad hoc, leaving exploitable inconsistencies.

For example, a team deploying new Ubuntu web servers applies the relevant CIS Benchmark hardening guide: they disable root SSH login, enforce key-based authentication, remove unused packages, enable the host firewall to allow only ports 443 and 22, configure automatic security updates, and turn on auditd logging. They then run a CIS-CAT scan to confirm each control is in place, producing an evidence report and a consistent secure baseline reused for every future server build.

Learn More About Hardening Guide:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →