Security Configuration Guidance
NSA develops and distributes configuration guidance for a wide variety of software, both open source and proprietary. We strive to provide NSA customers and the software development community the best possible security options for the most widely used products. NSA does not favor or promote any specific software product or business model. Rather, we promote enhanced security.
-
From section:
Networks
Manageable Network Plan Teaser Update
This document is the updated Manageable Network Plan Teaser providing highlights of the Manageable Network Plan.
02 November 2016 2 page(s) pdf
-
From section:
Industrial Control Systems
Assess the Mess
This is a technical document/manual for use by DoD, government, and industry ICS owners and operators. It provides methodologies to collect and analyze host and network data on ICS networks in order to baseline and secure these infrastructures.
01 November 2016 99 page(s) pdf
-
From section:
Applications
Security Configuration Guide for Browser Updates
Web browsers must be updated on a frequent basis in order to resist highly-scalable, low cost attacks. This document provides a per-browser approach for administrators to keep each major browser updated. Technical details provided in this guide are subject to change as operating systems and browser software evolve, but the overall strategies are likely to remain consistent.
14 October 2016 6 page(s) pdf
-
From section:
Operating Systems
Implementing a Secure Administrator Workstation Using Device Guard
Defenders must raise the cost for an adversary to obtain high-value domain credentials after an initial intrusion. One such way is through a dedicated administrator workstation for performing highly-privileged tasks subsequently referred to as a Secure Administrator Workstation (SAW). SAWs address credential theft techniques by limiting highly-privileged credentials to specific hardened systems. This guide will help DoD administrators configure a...
27 July 2016 8 page(s) pdf
-
From section:
Industrial Control Systems
Guidelines for Application Whitelisting Industrial Control Systems
This document serves as an appendix to the “Seven Steps to Defend Industrial Control Systems” document, providing additional conceptual-level guidance on implementing application whitelisting.
Application Whitelisting (AWL) can detect and prevent attempted execution of malware uploaded by adversaries. The static nature of some industrial control system (ICS) components, such as database servers and human-machine interfaces, makes these ideal candidates to...01 April 2016 7 page(s) pdf
-
From section:
Operating Systems
Security Highlights of Windows 10
This document provides a high-level description of new security features in Windows 10 for senior technology leaders. It describes how these features disrupt attacker tools, techniques, and procedures used against National Security Systems today.
24 February 2016 2 page(s) pdf
-
From section:
Industrial Control Systems
Position Zero: Integrity Checking Windows-Based ICS/SCADA Systems
This document outlines several techniques that utilize functionality available within the Microsoft Windows operating system to establish an operational foundation ('position zero') of ICS/SCADA servers and workstations.
09 February 2016 24 page(s) pdf
-
From section:
Industrial Control Systems
Seven Steps to Effectively Defend Industrial Control Systems
Securing Industrial Control Systems (ICSs) against the modern threat requires well-planned and well-implemented strategies. This paper presents seven steps that can be implemented today to counter common exploitable weaknesses in "as-built" control systems.
23 December 2015 7 page(s) pdf
-
From section:
Applications
Recommendations for Configuring Adobe Acrobat Reader DC in a Windows Environment
This document provides guidance on configuring Adobe Reader DC in a Windows environment. Adobe Reader DC is the latest version of Adobe Reader and replaces Adobe Reader XI. The “DC” in the title stands for “Document Cloud” which refers to the cloud based features introduced in Adobe Reader DC.
02 December 2015 13 page(s) pdf
-
From section:
Networks
Manageable Network Plan Guide (version 4.0)
A Manageable Network Plan is a series of milestones that can take an unmanageable, insecure network and make it more defensible, more secure and more manageable. Because the plan is intended to be a long-term solution, implementing milestones may require additional resources and time. Once manageable, your network can be secured more efficiently and effectively.
01 December 2015 58 page(s) pdf
Top