  1. Vendors
    1. Security standards are often created by the vendors of IT devices, applications and operating systems.
    2. Standards from a vendor source are considered the least objective.
    3. Example: Microsoft Security Compliance Manager
      1. A tool that assists with system configuration and management.
      2. Includes a large number of built-in security configuration baselines for various versions of the Windows server and Windows desktop operating systems, Internet Explorer, Exchange Server and Microsoft Office.
  2. Government Agencies
    1. Rather than relying on a vendor, some organizations want a more objective source of information and expertise when developing security standards. Government agencies such as NIST are an excellent source of security guidance.
    2. Example: NIST SP 800-179
      1. Provides security guidelines for Apple's Macintosh OS X 10.10 (Yosemite).
      2. 126 pages
      3. Topics:
        1. How the guide was developed
        2. Components of OS X
        3. Installation, backup, and patching procedures
        4. Security Configuration
        5. Specific NIST Guidelines
      4. Very Detailed
  3. Third Party Organizations
    1. Some organizations want an even more objective source than the government and seek out third-party organizations that exist solely to provide security advice.
    2. Example: The Center for Internet Security (CIS)
      1. Publishes a series of security benchmarks that represent the consensus opinions of a large number of subject matter experts.
      2. Benchmarks (Baselines) Lists:
        1. Desktops & Web Browsers
          1. Apple Desktop OSX
          2. Apple Safari Browser
          3. Google Chrome
          4. Microsoft Internet Explorer
          5. Microsoft Windows Desktop XP/NT
          6. Mozilla Firefox Browser
          7. Opera Browser
        2. Mobile Devices
          1. Apple Mobile Platform iOS
          2. Google Mobile Platform
        3. Network Devices
          1. Agnostic Print Devices
          2. Checkpoint Firewall
          3. Cisco Firewall Devices
          4. Cisco Routers/Switches IOS
          5. Cisco Wireless LAN Controller
          6. Juniper Routers/Switches JunOS
        4. Servers (Operating Systems)
          1. Amazon Linux
          2. CentOS
          3. Debian Linux Server
          4. IBM AIX Server
          5. Microsoft Windows Server
          6. Novell Netware
          7. Oracle Linux
          8. Oracle Solaris Server
          9. Red Hat Linux Server
          10. Slackware Linux Server
          11. SUSE Linux Enterprise Server
          12. Ubuntu LTS Server
        5. Servers (Other)
          1. Apache HTTP Server
          2. Apache Tomcat Server
          3. BIND DNS Server
          4. FreeRADIUS
          5. Microsoft IIS Server
          6. IBM DB2 Server
          7. Microsoft Exchange
          8. Microsoft SharePoint Server
          9. Microsoft SQL Server
          10. MIT Kerberos
          11. MySQL Database Server
          12. Novell eDirectory
          13. OpenLDAP Server
          14. Oracle Database Server
          15. Sybase Database Server
        6. Virtualization Platforms & Cloud
          1. Agnostic VM Server
          2. AWS Foundations
          3. AWS Three-Tier Web Architecture
          4. Docker
          5. Kubernetes
          6. VMware Server
          7. Xen Server
        7. Other
          1. Microsoft Access
          2. Microsoft Excel
          3. Microsoft Office
          4. Microsoft Outlook
          5. Microsoft PowerPoint
          6. Microsoft Word