Implementation should include the following:
- Hardware/firmware security
- Full disk encryption/self-encrypting drive (FDE/SED)
- Trusted Platform Module (TPM)
- Hardware security module (HSM)
- Unified Extensible Firmware Interface/basic input-output system (UEFI/BIOS)
- Secure boot and attestation
- Supply chain
- Hardware root of trust
- Electromagnetic Interference/electromagnetic pulse (EMI/EMP)
- Operating systems
- Types
- Network
- Server
- Workstation
- Appliance
- Kiosk
- Mobile operating system (OS)
- Patch management
- Unnecessary ports and services disabled
- Least functionality
- Secure configurations
- Trusted operating system
- Whitelisting/blacklisting application
- Default accounts/passwords disabled
- Peripherals
- Wireless keyboards
- Wireless mice
- Displays
- WiFi-enabled Micro Secure Digital (MicroSD) cards
- Printers/Multi-function Devices (MFDs)
- External storage devices
- Digital cameras
Process/Skill Questions:
- How is a nonsecure system design detected?
- What are the differences in security considerations between servers and workstations?
- What security considerations are imperative in a BYOD/BYOT environment?