football

KNEL/football

Fork 0

Commit Graph

Author	SHA1	Message	Date
Charles N Wyble	ac7df85a0e	feat: add security baselines guide and update build script Security Baselines Guide Includes: - Comprehensive security baseline overview - Kernel parameters verification - Firewall rules baseline - Authentication and password baselines - Audit rules baseline - Service baselines (enabled/prohibited) - File permission baselines - AIDE configuration baseline - Logging baselines - Initial hardening procedures - Baseline verification procedures - Ongoing hardening activities (daily/weekly/monthly/quarterly/annual) - Baseline maintenance procedures - Compliance verification for CIS/CMMC/FedRAMP - Troubleshooting guide - Quick reference commands Build Script Updates: - Add PAM configuration step (common-password-cis) - Add faillock configuration for account lockout - Add AIDE database initialization - Add Secure Boot configuration step - Add additional systemd services (auditd, rsyslog, apparmor, aide-check.timer) - Update step numbers to 11/11 for consistency - Improve hardening script execution Security Controls Applied: - PAM with CIS password policies - Account lockout (5 attempts, 15 minutes) - AIDE database initialization - Secure Boot configuration - All security services enabled Compliance Standards: - CIS Debian 13 Benchmark - CMMC Level 3 - FedRAMP Moderate - NIST SP 800-53 Moderate - NIST SP 800-171 This guide provides complete baseline verification and maintenance procedures for Tier0 infrastructure protection. 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>	2026-01-13 14:20:05 -05:00
Charles N Wyble	392dd9dadc	docs: add comprehensive security documentation - Add SECURITY-POLICY.md with all security policies - Add INCIDENT-RESPONSE.md with incident response procedures Security Policy Includes: - Information Security Policy (purpose, scope, compliance) - Access Control Policy (least privilege, separation of duties) - Network Security Policy (WireGuard-only, remote access prohibition) - Incident Response Policy (classification, process, notification) - Change Management Policy (categories, process, controls) - Audit and Logging Policy (scope, requirements, retention) - Password Policy (complexity, aging, lockout) - Acceptable Use Policy (authorized/prohibited use, monitoring) - Physical Security Policy (access controls, device security) - Data Classification Policy (CUI marking, handling, retention) Incident Response Procedures Include: - Incident Classification (Category I, II, III) - Incident Detection (sources, indicators, assessment) - Incident Response Process (6 phases) - Specific Incident Procedures (malware, data breach, DoS) - Post-Incident Activities (reporting, lessons learned) - Communication Procedures (internal, external) - Documentation Requirements (logs, evidence, retention) - Training and Drills (requirements, drills, assessment) Compliance Standards Addressed: - CIS Debian 13 Benchmark: All applicable policies - CMMC Level 3: All domain policies - FedRAMP Moderate: All control policies - NIST SP 800-53: All control policies - NIST SP 800-171: All control policies Documentation Structure: - Comprehensive policy framework - Detailed incident response procedures - Contact information for all stakeholders - Compliance references included - Document control procedures - Review and update schedules This documentation provides complete policy framework for: - Tier0 infrastructure protection - CUI handling requirements - Security incident response - Regulatory compliance - Security governance 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>	2026-01-13 14:00:36 -05:00

Author

SHA1

Message

Date

Charles N Wyble

ac7df85a0e

feat: add security baselines guide and update build script

Security Baselines Guide Includes:
- Comprehensive security baseline overview
- Kernel parameters verification
- Firewall rules baseline
- Authentication and password baselines
- Audit rules baseline
- Service baselines (enabled/prohibited)
- File permission baselines
- AIDE configuration baseline
- Logging baselines
- Initial hardening procedures
- Baseline verification procedures
- Ongoing hardening activities (daily/weekly/monthly/quarterly/annual)
- Baseline maintenance procedures
- Compliance verification for CIS/CMMC/FedRAMP
- Troubleshooting guide
- Quick reference commands

Build Script Updates:
- Add PAM configuration step (common-password-cis)
- Add faillock configuration for account lockout
- Add AIDE database initialization
- Add Secure Boot configuration step
- Add additional systemd services (auditd, rsyslog, apparmor, aide-check.timer)
- Update step numbers to 11/11 for consistency
- Improve hardening script execution

Security Controls Applied:
- PAM with CIS password policies
- Account lockout (5 attempts, 15 minutes)
- AIDE database initialization
- Secure Boot configuration
- All security services enabled

Compliance Standards:
- CIS Debian 13 Benchmark
- CMMC Level 3
- FedRAMP Moderate
- NIST SP 800-53 Moderate
- NIST SP 800-171

This guide provides complete baseline verification and
maintenance procedures for Tier0 infrastructure protection.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>

2026-01-13 14:20:05 -05:00

Charles N Wyble

392dd9dadc

docs: add comprehensive security documentation

- Add SECURITY-POLICY.md with all security policies
- Add INCIDENT-RESPONSE.md with incident response procedures

Security Policy Includes:
- Information Security Policy (purpose, scope, compliance)
- Access Control Policy (least privilege, separation of duties)
- Network Security Policy (WireGuard-only, remote access prohibition)
- Incident Response Policy (classification, process, notification)
- Change Management Policy (categories, process, controls)
- Audit and Logging Policy (scope, requirements, retention)
- Password Policy (complexity, aging, lockout)
- Acceptable Use Policy (authorized/prohibited use, monitoring)
- Physical Security Policy (access controls, device security)
- Data Classification Policy (CUI marking, handling, retention)

Incident Response Procedures Include:
- Incident Classification (Category I, II, III)
- Incident Detection (sources, indicators, assessment)
- Incident Response Process (6 phases)
- Specific Incident Procedures (malware, data breach, DoS)
- Post-Incident Activities (reporting, lessons learned)
- Communication Procedures (internal, external)
- Documentation Requirements (logs, evidence, retention)
- Training and Drills (requirements, drills, assessment)

Compliance Standards Addressed:
- CIS Debian 13 Benchmark: All applicable policies
- CMMC Level 3: All domain policies
- FedRAMP Moderate: All control policies
- NIST SP 800-53: All control policies
- NIST SP 800-171: All control policies

Documentation Structure:
- Comprehensive policy framework
- Detailed incident response procedures
- Contact information for all stakeholders
- Compliance references included
- Document control procedures
- Review and update schedules

This documentation provides complete policy framework for:
- Tier0 infrastructure protection
- CUI handling requirements
- Security incident response
- Regulatory compliance
- Security governance

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>

2026-01-13 14:00:36 -05:00

2 Commits