The MITRE SAF© Harden capability helps organizations create and manage a library of secure-configuration-as-code hardening content for target software components.
MITRE SAF© leverages configuration-management and orchestration tools that developers already know, such as Ansible, Terraform, Puppet, and Chef. These tools "harden" software components by running automated scripts that bring them into alignment with a security baseline, such as a CIS Benchmark or a DISA STIG. Each component of the software stack should be hardened to the approved security configuration settings, including infrastructure (cloud or on-premise), operating system, database, web server, and application.
Automated hardening makes it practical to implement hundreds of individual controls on a system to meet security requirements. This form of secure-configuration-as-code hardening works well in gold image pipelines that provide teams with new virtual machine images carrying up-to-date dependencies. Without automation, keeping up with the avalanche of security configuration actions for dozens or hundreds of components in a modern environment would not be possible.
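The pattern every hardening tool encodes, whether in an Ansible task or a Chef resource, is the same: check whether a setting already matches the baseline, remediate only if it does not, and report what changed so the run is idempotent and auditable. The POSIX shell script below is an added example of that pattern written for this page; it is not MITRE SAF Hardening Library content and it cites no particular CIS or STIG control. The target file path, the three sshd directives, and the function names are assumptions chosen for illustration; the settings list is the part a team would tailor for its environment.

```shell
#!/bin/sh
# Added example (not MITRE SAF library code): an idempotent "check, then
# remediate" hardening step for an sshd_config-style file. The file path and
# the directive list are assumptions for illustration only.

# Desired directives, one "Key value" pair per line. Tailoring the baseline
# for an environment means editing this list, not the remediation logic.
SSHD_HARDENING="PermitRootLogin no
PermitEmptyPasswords no
X11Forwarding no"

# check_setting FILE KEY VALUE -> 0 if FILE has "KEY VALUE" as an active
# (uncommented) directive, 1 otherwise.
check_setting() {
    grep -Eq "^[[:space:]]*$2[[:space:]]+$3[[:space:]]*$" "$1"
}

# remediate_setting FILE KEY VALUE: rewrite any active KEY line to the required
# value, or append the directive if it is absent or only present commented out.
remediate_setting() {
    file=$1 key=$2 value=$3
    if grep -Eq "^[[:space:]]*$key[[:space:]]" "$file"; then
        sed -E "s/^[[:space:]]*$key[[:space:]].*/$key $value/" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# audit_sshd_config FILE -> 0 if every directive already matches the baseline,
# 1 otherwise; prints each non-compliant key so the result can be logged.
audit_sshd_config() {
    status=0
    while read -r key value; do
        [ -n "$key" ] || continue
        if ! check_setting "$1" "$key" "$value"; then
            printf 'NON-COMPLIANT: %s\n' "$key"
            status=1
        fi
    done <<EOF
$SSHD_HARDENING
EOF
    return $status
}

# harden_sshd_config FILE: apply the baseline; the return code is the number
# of directives that had to be changed (0 means the file was already compliant).
harden_sshd_config() {
    changed=0
    while read -r key value; do
        [ -n "$key" ] || continue
        if ! check_setting "$1" "$key" "$value"; then
            remediate_setting "$1" "$key" "$value"
            changed=$((changed + 1))
        fi
    done <<EOF
$SSHD_HARDENING
EOF
    return $changed
}
```

Running `harden_sshd_config /etc/ssh/sshd_config` twice is the idempotence check: the first run reports how many directives it rewrote, the second must report zero. The same check-before-change split is what lets a gold image pipeline run `audit_sshd_config` in a verification stage without modifying the image.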
The open source security community has produced hardening content for many commonly used software components across the entire software stack. The MITRE SAF© Hardening Library publishes and stewards quality open source hardening content to serve as a starting point for teams that want to automate configuration management. Each entry in the library aligns to a particular security guidance document and can be modified or tailored to match the requirements of a particular environment.
See the MITRE SAF© Hardening Library for open-source solutions for automated hardening.