S 4 Safeguard catalogue: Hardware and software
S 4.1 Password protection for IT systems
S 4.3 Use of virus protection programs
S 4.4 Correct handling of drives for removable media and external data storage
S 4.6 Audit of the PBX configuration
S 4.7 Change of preset passwords
S 4.8 Protection on the PBX operator's console - not to apply
S 4.9 Use of the security mechanisms of X Windows
S 4.10 Secure basic local configuration of routers and switches
S 4.11 Screening of PBX interfaces
S 4.12 Disabling of unnecessary PBX performance features - not to apply
S 4.13 Careful allocation of identifiers
S 4.14 Mandatory password protection under Unix
S 4.16 Restriction on access to user IDs and/or terminals
S 4.17 Blocking and erasure of unneeded accounts and terminals
S 4.19 Restrictive allocation of attributes for Unix system files and directories
S 4.20 Restrictive allocation of attributes for Unix user files and directories
S 4.21 Preventing unauthorised acquisition of administrator rights
S 4.22 Prevention of loss of confidentiality of sensitive data in the Unix system
S 4.23 Secure invocation of executable files
S 4.24 Ensuring consistent system management
S 4.25 Use of logging in Unix systems
S 4.26 Regular security checks of Unix systems
S 4.27 Laptop access protection
S 4.28 Software reinstallation in the case of change of laptop users
S 4.29 Use of an encryption product for portable IT systems
S 4.30 Utilisation of the security functions offered in application programs
S 4.31 Ensuring power supply during mobile use
S 4.32 Physical deletion of data media before and after usage
S 4.33 Use of a virus scanning program on exchange of data media and during data transfer
S 4.34 Using encryption, checksums, or digital signatures
S 4.35 Pre-dispatch verification of the data to be transferred
S 4.36 Blocking fax recipient numbers
S 4.37 Blocking fax sender numbers
S 4.38 Deactivation of unnecessary service features - not to apply
S 4.39 Deactivation of answering machines for periods of absence - not to apply
S 4.40 Preventing unauthorised use of computer microphones and cameras
S 4.41 Use of appropriate security products for IT systems
S 4.42 Implementation of security functions in the IT application
S 4.43 Fax machine with automatic envelopment sealing system
S 4.44 Check of incoming files for macro viruses - not to apply
S 4.45 Setup of a secure peer-to-peer environment under WfW - not to apply
S 4.46 Use of the log-on password under WfW and Windows 95 - not to apply
S 4.47 Logging of security gateway activities
S 4.48 Password protection under Windows systems
S 4.49 Protection of the boot procedure for a Windows system
S 4.50 Structured system administration under Windows NT - not to apply
S 4.51 User profiles to restrict the usage possibilities of Windows NT - not to apply
S 4.52 Device protection under Windows NT/2000/XP
S 4.53 Restrictive allocation of access rights to files and directories under Windows NT - not to apply
S 4.54 Logging under Windows NT - not to apply
S 4.55 Secure installation of Windows NT - not to apply
S 4.56 Secure deletion under Windows operating systems
S 4.57 Disabling automatic CD-ROM recognition
S 4.58 Sharing of directories under Windows 95 - not to apply
S 4.59 Deactivation of ISDN board functions which are not required
S 4.60 Deactivation of ISDN router functions which are not required
S 4.61 Use of security mechanisms offered by ISDN components
S 4.62 Use of a D-channel filter
S 4.63 Security-related requirements for telecommuting computers
S 4.64 Verification of data before transmission / elimination of residual information
S 4.65 Testing of new hardware and software
S 4.66 Novell Netware - safe transmission to the year 2000 - not to apply
S 4.67 Locking and deleting database accounts which are no longer required
S 4.68 Ensuring consistent database management
S 4.69 Regular checks of database security
S 4.71 Restrictive handling of database links
S 4.73 Specification of upper limits for selectable records
S 4.74 Networked Windows 95 computers - not to apply
S 4.75 Protection of the registry under Windows systems
S 4.76 Secure system version of Windows NT - not to apply
S 4.77 Protection of administrator accounts under Windows NT - not to apply
S 4.78 Careful modifications of configurations
S 4.79 Secure access mechanisms for local administration
S 4.80 Secure access mechanisms for remote administration
S 4.81 Auditing and logging of activities in a network
S 4.82 Secure configuration of active network components
S 4.83 Updating / upgrading of software and hardware in network components
S 4.84 Use of BIOS security mechanisms
S 4.85 Design of suitable interfaces for crypto modules
S 4.86 Secure separation of roles and configuration with crypto modules
S 4.87 Physical security of crypto modules
S 4.88 Operating system security requirements when using crypto modules
S 4.90 Use of cryptographic procedures on the various layers of the ISO/OSI reference model
S 4.91 Secure installation of a system management system
S 4.92 Secure operation of a system management system
S 4.93 Regular integrity checking
S 4.94 Protection of the web server files
S 4.95 Minimal operating system
S 4.98 Restricting communication to a minimum with packet filters
S 4.99 Protection against subsequent change to information
S 4.100 Security gateways and active content
S 4.101 Firewalls and encryption
S 4.102 C2 security under Novell 4.11 - not to apply
S 4.103 DHCP server under Novell Netware 4.x - not to apply
S 4.104 LDAP Services for NDS - not to apply
S 4.105 Initial measures after a Unix standard installation
S 4.106 Activation of system logging
S 4.107 Use of the vendor resources
S 4.108 Simplified and secure network management with DNS services under Novell NetWare 4.11 - not to apply
S 4.109 Software reinstallation on workstations
S 4.110 Secure installation of the RAS system - not to apply
S 4.111 Secure configuration of the RAS system - not to apply
S 4.112 Secure operation of the RAS system - not to apply
S 4.113 Use of an authentication server for remote access VPNs
S 4.114 Use of the security mechanisms provided on mobile phones
S 4.115 Safeguarding the power supply of mobile phones
S 4.116 Secure installation of Lotus Notes/Domino
S 4.117 Secure configuration of Lotus Notes server - not to apply
S 4.118 Configuration as a Lotus Notes server - not to apply
S 4.119 Instituting restrictions on access to Lotus Notes servers - not to apply
S 4.120 Configuration of access control lists for Lotus Notes databases - not to apply
S 4.121 Configuration of rights of access to the Lotus Notes Name and Address Book - not to apply
S 4.122 Configuration for browser access to Lotus Notes - not to apply
S 4.123 Configuration of SSL-protected browser access to Lotus Notes - not to apply
S 4.124 Configuration of authentication mechanisms with browser access to Lotus Notes - not to apply
S 4.125 Instituting restrictions on access to Lotus Notes databases with browser access - not to apply
S 4.126 Secure configuration of a Lotus Notes client - not to apply
S 4.127 Secure configuration of browser access to Lotus Notes - not to apply
S 4.128 Secure operation of the Lotus Notes/Domino environment
S 4.129 Secure handling of Notes ID files - not to apply
S 4.130 Security measures following the creation of a new Lotus Notes database - not to apply
S 4.131 Encryption of Lotus Notes databases - not to apply
S 4.132 Monitoring the Lotus Notes/Domino environment
S 4.133 Appropriate choice of authentication mechanisms
S 4.134 Selection of suitable data formats
S 4.135 Restrictive granting of access rights to system files
S 4.136 Secure installation of Windows 2000 - not to apply
S 4.137 Secure configuration of Windows 2000 - not to apply
S 4.138 Configuration of Windows Server as a domain controller
S 4.139 Configuration of Windows 2000 as server - not to apply
S 4.140 Secure configuration of important Windows 2000 services - not to apply
S 4.141 Secure configuration of the DDNS under Windows 2000 - not to apply
S 4.142 Secure configuration of the WINS under Windows 2000 - not to apply
S 4.143 Secure configuration of the DHCP under Windows 2000 - not to apply
S 4.144 Use of the Windows 2000 CA - not to apply
S 4.145 Secure configuration of RRAS under Windows 2000 - not to apply
S 4.146 Secure operation of Windows client operating systems
S 4.147 Secure use of EFS under Windows
S 4.148 Monitoring a Windows 2000/XP system
S 4.149 File and share authorisations in Windows
S 4.150 Configuration of Windows 2000 as workstation - not to apply
S 4.151 Secure installation of Internet PCs
S 4.152 Secure operation of Internet PCs
S 4.153 Secure installation of Novell eDirectory
S 4.154 Secure installation of the Novell eDirectory client software
S 4.155 Secure configuration of Novell eDirectory
S 4.156 Secure configuration of the Novell eDirectory client software
S 4.157 Setting of access authorisations to Novell eDirectory
S 4.158 Setting of the LDAP access to Novell eDirectory
S 4.159 Secure operation of Novell eDirectory
S 4.160 Monitoring of Novell eDirectory
S 4.161 Secure installation of Exchange systems
S 4.162 Secure configuration of Exchange servers
S 4.163 Access rights to Exchange objects
S 4.164 Browser access to Exchange 2000 - not to apply
S 4.165 Secure configuration of Outlook
S 4.166 Secure operation of Exchange systems
S 4.167 Monitoring and logging of Exchange 2000 systems - not to apply
S 4.168 Selection of a suitable archive system
S 4.169 Use of appropriate archival media
S 4.170 Selection of suitable data formats for the archival storage of documents
S 4.171 Protection of the integrity of the archive system index database
S 4.172 Logging of the archival accesses
S 4.173 Regular function and recovery tests for archiving
S 4.174 Preparing the Windows NT/2000 installation for IIS - not to apply
S 4.175 The secure configuration of Windows NT/2000 for IIS - not to apply
S 4.176 Selection of an authentication method for web offerings
S 4.177 Assuring the integrity and authenticity of software packages
S 4.178 Protection of administrator and user accounts with IIS - not to apply
S 4.179 Protection of security-critical files with IIS - not to apply
S 4.180 Configuration of authentication mechanisms for access to the IIS - not to apply
S 4.181 Running IIS in a separate process - not to apply
S 4.182 Monitoring of the IIS system - not to apply
S 4.183 Ensuring the availability and performance of the IIS - not to apply
S 4.184 Deactivation of unnecessary Windows system services with IIS - not to apply
S 4.185 Protection of virtual directories and web applications with IIS - not to apply
S 4.186 Removing the sample files and administration scripts in IIS - not to apply
S 4.187 Removal of the FrontPage Server extension of IIS - not to apply
S 4.188 Validation of user inputs where IIS is used - not to apply
S 4.189 Protection against unauthorised program calls with IIS - not to apply
S 4.190 Removal of RDS support in IIS - not to apply
S 4.191 Verification of the integrity and authenticity of Apache packages - not to apply
S 4.192 Configuration of the operating system for an Apache web server - not to apply
S 4.193 Secure installation of an Apache web server - not to apply
S 4.194 Secure basic configuration of an Apache web server - not to apply
S 4.195 Configuration of access control under the Apache web server - not to apply
S 4.196 Secure operation of an Apache web server - not to apply
S 4.197 Server extensions for dynamic web pages where the Apache web server is used - not to apply
S 4.198 Installation of an application in a chroot cage
S 4.199 Avoiding problematic file formats
S 4.200 Handling of USB storage media
S 4.201 Secure basic local configuration of routers and switches
S 4.202 Secure basic network configuration of routers and switches
S 4.203 Configuration checklist for routers and switches
S 4.204 Secure administration of routers and switches
S 4.205 Logging on routers and switches
S 4.206 Protection of switch ports
S 4.207 Use and protection of system-related z/OS terminals
S 4.208 Protecting the start process of z/OS systems
S 4.209 Secure basic configuration of z/OS systems
S 4.210 Secure operation of the z/OS operating system
S 4.211 Use of the z/OS security system RACF
S 4.212 Protection of Linux for zSeries
S 4.213 Protecting the login process under z/OS
S 4.214 Administration of data media under z/OS systems
S 4.215 Protection of z/OS utilities that are critical to security
S 4.216 Stipulation of the system limits of z/OS
S 4.217 Workload management for z/OS systems
S 4.218 Information on character set conversion in z/OS systems
S 4.219 Licence key management for z/OS software
S 4.220 Protection of Unix System Services on z/OS systems
S 4.221 Parallel Sysplex under z/OS
S 4.222 Correct configuration of security proxies
S 4.223 Integration of proxy servers into the security gateway
S 4.224 Integration of VPN components into a security gateway
S 4.225 Use of a logging server on a security gateway
S 4.226 Integration of virus scanners into a security gateway
S 4.227 Use of a local NTP server for time synchronisation
S 4.228 Using the built-in security mechanisms on PDAs
S 4.229 Secure operation of PDAs
S 4.230 Central administration of PDAs
S 4.231 Use of additional security tools for PDAs
S 4.232 Secure use of extended memory cards
S 4.233 Blocking of no longer required RAS accounts - not to apply
S 4.234 Orderly withdrawal from operation of IT systems and data media
S 4.235 Comparison of stored data on laptops
S 4.236 Central administration of laptops
S 4.237 Secure basic configuration of IT systems
S 4.238 Use of local packet filters
S 4.239 Secure operation of a server
S 4.240 Setting up a testing environment for servers
S 4.241 Secure operation of clients
S 4.242 Setting up a reference installation for clients
S 4.243 Windows client operating system administration tools
S 4.244 Secure configuration of Windows client operating systems
S 4.245 Basic settings for Windows Group Policy Objects
S 4.246 Configuration of the system services under Windows XP, Vista and Windows 7
S 4.247 Restrictive assignment of authorisations under Windows Vista and Windows 7
S 4.248 Secure installation of Windows client operating systems
S 4.249 Keeping Windows client systems up to date
S 4.250 Selection of a central, network-based authentication service
S 4.251 Working with external IT systems
S 4.252 Secure configuration of training computers
S 4.253 Protection against Spyware - not to apply
S 4.254 Secure usage of wireless keyboards and mice
S 4.255 Use of the IrDA interfaces
S 4.256 Secure installation of SAP systems
S 4.257 Protection of the SAP installation directory on operating system level
S 4.258 Secure configuration of the SAP ABAP Stack
S 4.259 Secure use of the ABAP Stack user management
S 4.260 Rights management for SAP systems
S 4.261 Secure handling of critical SAP rights
S 4.262 Configuration of additional SAP authorisation checks
S 4.263 Protection of SAP destinations
S 4.264 Restricting direct table changes in SAP systems
S 4.265 Secure configuration of batch processing on SAP systems
S 4.266 Secure configuration of the SAP Java Stack
S 4.267 Secure use of the SAP Java Stack user management
S 4.268 Secure configuration of rights for the SAP Java Stack
S 4.269 Secure configuration of the SAP system database
S 4.271 Computer virus protection for SAP systems
S 4.272 Secure use of the SAP transport system
S 4.273 Secure use of the SAP Java Stack software deployment
S 4.274 Secure basic configuration of storage systems
S 4.275 Secure operation of storage systems
S 4.276 Planning the use of Windows Server 2003
S 4.277 Protection of SMB, LDAP, and RPC communication under Windows Servers
S 4.278 Secure use of EFS under Windows Server 2003
S 4.279 Advanced security aspects for Windows Server 2003
S 4.280 Secure basic configuration of Windows Server 2003 and higher
S 4.281 Secure installation and preparation of Windows Server 2003
S 4.282 Secure configuration of the IIS base components under Windows Server 2003
S 4.283 Secure migration of Windows NT 4 Server and Windows 2000 Server to Windows Server 2003
S 4.284 Handling of services under Windows Server 2003 and higher
S 4.285 De-installation of unnecessary client functions of Windows Server 2003
S 4.286 Use of software restriction policies under Windows Server 2003
S 4.287 Secure administration of VoIP middleware
S 4.288 Secure administration of VoIP terminals
S 4.289 Restricting the accessibility via VoIP
S 4.290 Requirements on security gateways for VoIP
S 4.291 Secure configuration of VoIP middleware
S 4.292 Logging of VoIP events
S 4.293 Secure operation of hotspots
S 4.294 Secure configuration of access points
S 4.295 Secure configuration of WLAN clients
S 4.296 Use of a suitable management solution for WLAN
S 4.297 Secure operation of WLAN components
S 4.298 Regular audits of WLAN components
S 4.299 Authentication for printers, copiers, and all-in-one devices
S 4.300 Information security for printers, copiers, and all-in-one devices
S 4.301 Restrictions on access to printers, copiers, and all-in-one devices
S 4.302 Logging on printers, copiers, and all-in-one devices
S 4.303 Use of network-enabled document scanners
S 4.304 Administration of printers
S 4.305 Use of storage restrictions (storage quotas)
S 4.306 Handling of password storage tools
S 4.307 Secure configuration of directory services
S 4.308 Secure installation of directory services
S 4.309 Setting up access authorisations for directory services
S 4.310 Setting up LDAP access to directory services
S 4.311 Secure operation of directory services
S 4.312 Monitoring directory services
S 4.313 Provision of secure domain controllers
S 4.314 Secure policy settings for domains and domain controllers
S 4.315 Maintenance of the operational reliability of an Active Directory
S 4.316 Monitoring the Active Directory infrastructure
S 4.317 Secure migration of Windows directory services
S 4.318 Implementation of secure administration methods for Active Directory
S 4.319 Secure installation of VPN devices
S 4.320 Secure configuration of a VPN
S 4.321 Secure operation of a VPN
S 4.322 Blocking unneeded VPN accounts
S 4.323 Synchronisation within patch and change management
S 4.324 Configuration of auto-update mechanisms in patch and change management
S 4.325 Deletion of swap files
S 4.326 Ensuring the NTFS file properties on a Samba file server
S 4.327 Verification of the integrity and authenticity of the Samba packages and sources
S 4.328 Secure basic configuration of a Samba server
S 4.329 Secure use of communication protocols when using a Samba server
S 4.330 Secure installation of a Samba server
S 4.331 Secure configuration of the operating system of a Samba server
S 4.332 Secure configuration of the access controls for a Samba server
S 4.333 Secure configuration of Winbind under Samba
S 4.334 SMB message signing and Samba
S 4.335 Secure operation of a Samba server
S 4.337 Use of BitLocker drive encryption
S 4.338 Use of Windows Vista and Windows 7 File and Registry Virtualization
S 4.339 Prevention of unauthorised use of removable media in Windows Vista and Windows 7
S 4.340 Use of Windows User Account Control UAC in Windows Vista and higher
S 4.341 Integrity protection in Windows Vista and higher versions
S 4.342 Activation of the Last Access time stamp under Windows Vista and higher
S 4.344 Monitoring of Windows Vista, Windows 7 and Windows Server 2008 systems
S 4.345 Protection against undesired outflows of information
S 4.346 Secure configuration of virtual IT systems
S 4.347 Disabling of snapshots of virtual IT systems
S 4.348 Time synchronisation in virtual IT systems
S 4.349 Secure operation of virtual infrastructures
S 4.350 Secure basic configuration of a DNS server
S 4.352 Secure dynamic DNS updates
S 4.354 Monitoring of a DNS server
S 4.355 Rights management for groupware systems
S 4.356 Secure installation of groupware systems
S 4.357 Secure operation of groupware systems
S 4.358 Logging groupware systems
S 4.359 Overview of the web server components
S 4.360 Secure configuration of a web server
S 4.361 Secure configuration of web applications - not to apply
S 4.362 Secure configuration of Bluetooth
S 4.363 Secure operation of Bluetooth devices
S 4.364 Procedures regarding the disposal of Bluetooth devices
S 4.365 Use of a terminal server as graphical firewall
S 4.366 Secure configuration of moving user profiles in terminal server environments
S 4.367 Secure use of client applications for terminal servers
S 4.368 Regular audits of the terminal server environment
S 4.369 Secure operation of an answering machine
S 4.370 Use of Anoubis under Unix
S 4.371 Configuration of Mac OS X clients
S 4.372 Use of FileVault under Mac OS X
S 4.373 Deactivation of unnecessary hardware under Mac OS X
S 4.374 Access protection of user accounts under Mac OS X
S 4.375 Use of the sandbox function under Mac OS X
S 4.376 Specifying password policies under Mac OS X
S 4.377 Checking the Mac OS X signatures
S 4.378 Limiting access to programmes under Mac OS X
S 4.379 Secure data management and transport under Mac OS X
S 4.380 Use of Apple Software Restore under Mac OS X
S 4.381 Encryption of Exchange system databases
S 4.382 Selecting and checking the OpenLDAP installation packages
S 4.383 Secure installation of OpenLDAP
S 4.384 Secure configuration of OpenLDAP
S 4.385 Configuration of the database used by OpenLDAP
S 4.386 Restriction in attributes in OpenLDAP
S 4.387 Secure assignment of access rights to OpenLDAP
S 4.388 Secure authentication to OpenLDAP
S 4.389 Partitioning and replication in OpenLDAP
S 4.390 Secure updating of OpenLDAP
S 4.391 Secure operation of OpenLDAP
S 4.392 Authentication for web applications
S 4.393 Comprehensive input and output validation for web applications
S 4.394 Session management for web applications
S 4.395 Error handling by web applications
S 4.396 Protection against unauthorised automated use of web applications
S 4.397 Logging security-relevant events of web applications
S 4.398 Secure configuration of web applications
S 4.399 Controlled integration of data and content in web applications
S 4.400 Restrictive disclosure of security-related information in web applications
S 4.401 Protection of confidential data in web applications
S 4.402 Access control for web applications
S 4.403 Prevention of Cross-Site Request Forgery (CSRF, XSRF, Session Riding)
S 4.404 Secure design of the logic of web applications
S 4.405 Preventing resources (DoS) of web applications from being blocked
S 4.406 Prevention of clickjacking
S 4.407 Logging when using OpenLDAP
S 4.408 Overview of new security-relevant functions of Windows Server 2008
S 4.409 Purchasing of Windows Server 2008
S 4.410 Use of network access protection under Windows
S 4.411 Secure use of DirectAccess under Windows
S 4.412 Secure migration of Windows Server 2003 to Server 2008
S 4.413 Secure use of virtualisation using Hyper-V
S 4.414 Overview of new functions for Active Directory under Windows Server 2008 and higher
S 4.415 Secure operation of biometric authentication under Windows
S 4.416 Use of Windows Server Core
S 4.417 Patch Management with WSUS under Windows Server 2008 and higher
S 4.418 Planning the use of Windows Server 2008
S 4.419 Application control in Windows 7 and higher by means of AppLocker
S 4.420 Secure use of the Maintenance Center under Windows 7
S 4.421 Securing Windows PowerShell
S 4.422 Use of BitLocker To Go in Windows 7 and higher
S 4.423 Use of the homegroup function under Windows 7
S 4.424 Secure use of older software under Windows 7
S 4.425 Using the Safe and Cardspace functions in Windows 7
S 4.426 Archiving for the Lotus Notes/Domino environment
S 4.427 Security-relevant logging and evaluating for Lotus Notes/Domino
S 4.428 Audit of the Lotus Notes/Domino environment
S 4.429 Secure configuration of Lotus Notes/Domino
S 4.430 Analysing the logged data
S 4.431 Selecting and processing relevant information for logging
S 4.432 Secure configuration of server applications
S 4.433 Use of data medium encryption