Which organization is a source of industry-accepted system hardening standards?

Explanation:
Hardening a system is about implementing secure configurations and controls to reduce vulnerabilities. ISO is the best fit here because ISO/IEC standards provide internationally recognized, formal guidance on security controls and management practices that organizations adopt to securely configure and maintain their systems. These standards—such as ISO/IEC 27001 for information security management and ISO/IEC 27002 for security controls—offer a globally accepted framework, making them a primary source for industry-accepted hardening guidance. While other groups like CIS publish practical benchmarks for specific systems and NIST provides detailed guidelines, ISO’s broad, internationally adopted standards establish the overarching requirements and best practices that many organizations use as the baseline for secure configurations across diverse environments.
