Unit 1 - Build Standards and Compliance

Overview

Building standards and compliance in cybersecurity engineering ensures that systems adhere to industry best practices, regulatory requirements, and security frameworks, reducing risks and vulnerabilities.

By implementing structured guidelines through tools and frameworks like STIGs (Security Technical Implementation Guides) and the NIST CS (National Institute of Standards and Technology Cyber Security) framework, organizations can maintain resilience against evolving threats while ensuring accountability and regulatory alignment.

This chapter will present critical knowledge in implementing security controls in information systems.

Learning Objectives

By the end of Unit 1 students will have foundational knowledge and skills of the concepts below:

  1. Security Frameworks such as STIGs, CIS Controls, NIST Cybersecurity Framework
  2. Regulatory Compliance and Industry Standards when administering and building systems
  3. Skills and concepts in interacting with STIG remediation processes
  4. Understanding Risk Management and concepts surrounding risk vectors to organizations
  5. STIG Remediation and documentation skills

Relevance & Context

As the shepherds of sensitive data and systems, it is the ethical and legal duty of individuals that administer and build these systems to protect them from malicious actors with no regard for propriety. To be successful in securing systems students will need to thoroughly understand the cybersecurity landscape, its myriad potential threats, and the tools engineers and administrators have at their disposal.

The concepts presented in this unit play a pivotal role in organizing and structuring a resilient security posture against threats to enterprise and organizational entities. They provide processes and procedures that engineers and administrators can implement to significantly reduce the attack surface of the systems they administer along with building a system of logging and documentation in the eventuality of a security incident.

By thoroughly understanding these concepts students will be armed with a set of tools in the eternal and ever evolving landscape of cybersecurity.

Prerequisites

Students should have a strong understanding of such skills as presented in the Linux Administration Course including:

  1. The Command Line Interface and BASH shell skills
  2. Installing and Updating Linux System Packages
  3. Interacting with command line tools such as: systemctl, mount, grep, and ss
  4. Ability to interact with basic SQL queries using MariaDB
  5. Students will need to download the latest STIG viewer, v2.18

Key terms and Definitions

CIA Triad
Regulatory Compliance
HIPAA
Industry Standards
PCI/DSS
Security Frameworks
CIS
STIG