||Hardening OSs for OAM&P: Service Providers, Network Operators, and Equipment Suppliers with devices equipped with operating systems used for OAM&P should have operating system hardening procedures applied. Harding procedures include (a) all unnecessary services are disabled; (b) all unnecessary communications pathways are disabled; (c) all critical security patches have been evaluated for installations on said systems/applications; and d) review and implement published hardening guidelines, as appropriate. Where critical security patches cannot be applied, compensating controls should be implemented.
||Service Provider; Network Operator; Equipment Supplier
||Cyber Security;Network Design;Network Elements;Network Operations;
||Configuration guides for security from NIST (800-53 Rev. 3), NSA (Security Configuration Guides), Center For Internet Security (CIS Benchmarks), http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations.