CIS Safeguard 4.2 calls for you to establish and maintain a secure configuration process for network infrastructure. This includes reviewing and documenting that process when significant changes occur, or at least once a year.

Before starting, we have to rewind to Safeguard 1.1, which requires you to establish and maintain an asset inventory, including your network infrastructure inventory. You can't continue until that is completed.

Next, create a standard baseline configuration for each type of network device. If you work with multiple vendors for a given type of device, document a baseline configuration for each vendor, as every vendor does things differently.

Once you have your baselines, complete regular audits to assess each device's configuration against them. In the past I have seen these audits completed as part of the technology alignment process or by using configuration management tools like Liongard that can automate the process.
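A baseline audit of the kind described above can be sketched in a few lines. This is an added example, not code from the author, CIS, or Liongard. The vendor names, baseline contents, and the sample config are constructed for illustration and are not CIS benchmark values.

```python
import re
from dataclasses import dataclass

@dataclass
class Baseline:
    """Documented baseline for one (vendor, device type) pair."""
    required: list   # lines that must appear verbatim in the config
    forbidden: list  # regexes that must not match any config line

# Constructed baselines (assumption): one entry per vendor and device type.
BASELINES = {
    ("vendor-a", "switch"): Baseline(
        required=["service password-encryption", "ip ssh version 2",
                  "logging host 192.0.2.10"],
        forbidden=[r"^transport input .*telnet",
                   r"^snmp-server community public\b"]),
    ("vendor-b", "firewall"): Baseline(
        required=["set system syslog host 192.0.2.10"],
        forbidden=[r"^set system services telnet\b"]),
}

def normalize(config):
    """Drop indentation, blank lines and '!' comments so layout is not drift."""
    lines = (ln.strip() for ln in config.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("!")]

def audit(vendor, device_type, config):
    """Return (kind, detail) findings; an empty list means no drift."""
    baseline = BASELINES.get((vendor, device_type))
    if baseline is None:
        # A device with no documented baseline is a finding in itself.
        return [("no-baseline", f"{vendor}/{device_type}")]
    lines = normalize(config)
    findings = [("missing", req) for req in baseline.required
                if req not in lines]
    for pattern in baseline.forbidden:
        findings += [("forbidden", ln) for ln in lines
                     if re.search(pattern, ln)]
    return findings

# Constructed running-config excerpt used as sample input.
SAMPLE_SWITCH = """
! constructed example
service password-encryption
logging host 192.0.2.10
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
"""

if __name__ == "__main__":
    for kind, detail in audit("vendor-a", "switch", SAMPLE_SWITCH):
        print(f"{kind:10} {detail}")
```

Feeding each inventoried device through `audit` on a schedule gives a drift report that can be attached to the change management record.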

Next, your process needs to include strict change management that requires review and approval for any configuration modification. Each modification has to be well documented, authorized, and aligned with established best practices. Change management should also account for approving and completing firmware updates.

Using a centralized logging and monitoring tool for your network devices to track and analyze events in real time will help you stay on top of the process. Finally, perform regular reviews of the baselines to ensure they are current and account for any new emerging threats or changes in the network infrastructure as a whole.

The most important thing here is to acknowledge that your way may not be the best way and to use any trusted resources or community you are a member of to gain feedback.

Looking for a jump start? Download CIS's Secure Configuration Management Template at https://lnkd.in/e4xYfNye

Contact Info

717.884.9030

Scott@ScottRDavis.com