^©

Harden

These open source community-based hardening baselines help to securely configure common system components. MITRE is helping to provide stewardship over these hardening baselines, hosted here and at other community vendor sites. If you are interested in new hardening baselines, please contact us at saf@groups.mitre.org.

Usage

The Hardening Library contents are hardening scripts that can be used in conjunction with orchestration tools such as Ansible or Chef recipes to harden system components against baselines. Specific usage instructions for each piece of hardening content can be found in their repository README files.


Cloud Service Providers
AWS CIS Benchmark \| v2.0.0 Title	Terraform	MITRE SAF
Azure CIS Benchmark \| v1.2.0 Title	Ansible	Ansible Lockdown
Virtual Platforms
Docker CIS Benchmark \| v1.1.0 Title	Ansible	MITRE SAF
Docker CIS Benchmark \| v1.1.0 Title	Kitchen	MITRE SAF
Docker Enterprise 2.x STIG \| v1r1 Title	Ansible	DISA
VMware VCSA 6.7 STIG \| v1r2 Title	Ansible	VMware
VMware VCSA 7.0 STIG Readiness Guide \| v1r4 Title	Ansible	VMware
VMware vSphere 6.5 STIG \| v1r2 Title	Ansible	DISA
VMware vSphere 7.0 STIG Readiness Guide \| v4r1 Title	PowerCLI	VMware
Operating Systems
Red Hat 7 STIG \| v3r5 Title	Ansible	Ansible Lockdown
Red Hat 7 STIG \| v3r5 Title	Chef	DISA
Red Hat 8 CIS Benchmark \| v2.0.0 Title	Ansible	Ansible Lockdown
Red Hat 8 STIG \| v1r13 Title	Ansible	Ansible Lockdown
Red Hat 8 STIG \| v1r13 Title	Chef	DISA
SUSE 15 STIG \| v1r9 Title	Ansible	DISA
Ubuntu 16.04 STIG \| v1r1 Title	Kitchen	MITRE SAF
Ubuntu 18.04 CIS Benchmark \| v2.1.0 Title	Ansible	Ansible Lockdown
Ubuntu 18.04 LTS STIG \| v2r10 Title	Ansible	DISA
Ubuntu 18.04 STIG \| v2r10 Title	Ansible	Ansible Lockdown
Ubuntu 20.04 CIS Benchmark \| v1.1.0 Title	Ansible	Ansible Lockdown
Ubuntu 20.04 LTS STIG \| v1r6 Title	Ansible	DISA
Windows 10 STIG \| v1r19 Title	Ansible	Ansible Lockdown
Windows 2008 Server CIS Benchmark \| v3.3.0 Title	Ansible	Ansible Lockdown
Windows 2012 Domain Controller CIS Benchmark Title	Ansible	Ansible Lockdown
Windows 2012 STIG \| v12r2 Title	Kitchen	MITRE SAF
Windows 2012 Server CIS Benchmark Title	Ansible	Ansible Lockdown
Windows 2016 CIS Benchmark \| v1.2.0 Title	Ansible	Ansible Lockdown
Windows 2016 STIG \| v1r7 Title	Kitchen	MITRE SAF
Windows 2016 STIG \| v1r7 Title	Ansible	Ansible Lockdown
Windows 2016 STIG \| v1r7 Title	PowerCLI	DISA
Windows 2019 CIS Benchmark \| v1.3.0 Title	Ansible	Ansible Lockdown
Windows 2019 STIG \| v2r1 Title	Ansible	Ansible Lockdown
Windows Server 2016 STIG \| v1r3 Title	Chef	DISA
Windows Server 2019 STIG \| v1r2 Title	Chef	DISA
Databases
MongoDB STIG \| v1r2 Title	Kitchen	MITRE SAF
PostgreSQL 12.x CIS Benchmark \| v1.0.0 Title	Ansible	Ansible Lockdown
PostgreSQL 9.x STIG \| v1r6 Title	Ansible	Ansible Lockdown
Network
Cisco IOS XE NDM/RTR STIG \| v2r3 Title	Ansible	DISA
Cisco IOS XE Router STIG \| v2r1 Title	Ansible	DISA
Juniper SRX SG STIG \| v1r1 Title	Ansible	DISA
Application Logic
Elasticsearch Title	Kitchen	MITRE SAF
JRE 8 STIG \| v1r3 Title	Kitchen	MITRE SAF
Keycloak Custom Modules \| v3r2 Title	Keycloak	MITRE SAF
Web Servers
Apache CIS Benchmark \| v2.0.0 Title	Ansible	Ansible Lockdown
Apache STIG \| v2r2 Title	Ansible	Ansible Lockdown
IIS Server STIG \| v1r5 Title	Kitchen	MITRE SAF
IIS Sites STIG \| v1r5 Title	Kitchen	MITRE SAF
NGINX STIG Ready \| v3r1 Title	Ansible	MITRE SAF
NGINX [WIP] \| v1r9 Title	Kitchen	MITRE SAF
Tomcat 9 STIG \| v1r3 Title	Ansible	Ansible Lockdown
Tomcat CIS Benchmark \| v1.0.1 Title	Ansible	MITRE SAF
Tomcat CIS Benchmark \| v1.0.1 Title	Kitchen	MITRE SAF
Tomcat CIS Benchmark \| v1.0.1 Title	Ansible	MITRE SAF