Physical Security

Secure location or Server room.
Server room locked.
Server room with adequate, conditioned power.
Server room with air conditioning.
Server room with adequate ventilation.

Services

Unused default services removed.
Known OS vulnerabilities are current and protected.
Current patches and upgrades loaded and tested.

Audit logs enabled.

Access Privileges

Only privileges necessary to the job have been granted.
Administrator logon used only for administrative activities.
Restrict access to guest accounts.
Minimal privileges granted to “everyone, public or world”.
Examine audit logs for abnormalities.

Malicious Code

Anti-virus software installed and current.
Anti-virus policy in place.

Other

Configuration management solution in place.
Business continuity plan in place.