What are the recommended hardened services settings for Windows for PCI DSS, NERC-CIP, NIST 800-53 / 800-171 or other compliance standards?

Security best practice advocates minimizing the attack surface of your IT systems. By using CIS Benchmark secure configuration guidance, systems can be hardened against attack: known vulnerabilities are removed and defenses strengthened by applying an expert-derived configuration policy.

The Center for Internet Security also recommends hardening service configurations, cutting back functionality to further reduce the opportunities to compromise a system. However, the demands of each organization, its IT services and its environment are all different, making it impossible to accurately prescribe a hardened services policy for every situation.

To help you get started with deriving your own hardened services policies, NNT, in conjunction with Microsoft, has provided the following Hardened Services checklists. You can manually audit your server for compliance using the checklists provided below, changing service startup mode and state using the Windows Services Console (search or Run -> services.msc). As ever, it pays to test application and service delivery as you apply hardening measures, to ensure required functionality is preserved while security is improved.
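The manual audit described above can be scripted so that drift from a checklist is reported consistently across servers. The following PowerShell is an added example, not NNT's or Microsoft's checklist code; the baseline entries in it are constructed placeholders (real service names, but the expected values are illustrative), and you would replace them with the rows from your own hardened services policy. It assumes PowerShell 5 or later, where Get-Service exposes StartType.

```powershell
# Added example: audit local services against a hardened-services baseline.
# The baseline below is a CONSTRUCTED placeholder, not a recommendation;
# populate it from your organization's own checklist.
$Baseline = @{
    # ServiceName = expected startup type: Automatic | Manual | Disabled
    'RemoteRegistry' = 'Disabled'
    'W32Time'        = 'Automatic'
    'WinRM'          = 'Manual'
}

function Get-ServiceDrift {
    param([Parameter(Mandatory)][hashtable]$Expected)

    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $want = $Expected[$name]
        $svc  = Get-Service -Name $name -ErrorAction SilentlyContinue

        if (-not $svc) {
            # A service absent from the host is reported, not silently skipped,
            # so the auditor can decide whether absence is acceptable.
            [pscustomobject]@{ Service = $name; Expected = $want
                               StartType = 'NotInstalled'; Status = 'n/a'; Compliant = $false }
            continue
        }

        $startOk = ([string]$svc.StartType -eq $want)
        # A service set to Disabled but still running is drift until it is stopped
        # or the host is rebooted, so state is checked as well as startup mode.
        $stateOk = if ($want -eq 'Disabled') { $svc.Status -eq 'Stopped' } else { $true }

        [pscustomobject]@{
            Service   = $name
            Expected  = $want
            StartType = [string]$svc.StartType
            Status    = [string]$svc.Status
            Compliant = ($startOk -and $stateOk)
        }
    }
}

# Report only. Remediation (Set-Service -Name <svc> -StartupType <mode>, then
# Stop-Service where required) is deliberately a separate, tested step.
$report = Get-ServiceDrift -Expected $Baseline
$report | Format-Table -AutoSize
"Non-compliant: $(($report | Where-Object { -not $_.Compliant }).Count) of $($report.Count)"
```

Run it in an elevated session if you want to follow it with Set-Service changes; reading service state does not require elevation.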

Please contact us with any questions or to get help with your hardening project.

Services

Hardened Windows Service Configurations