4.7 Article

Cybersecurity Standards in the Context of Operating System: Practical Aspects, Analysis, and Comparisons

Journal

ACM COMPUTING SURVEYS
Volume 54, Issue 3, Pages -

Publisher

ASSOC COMPUTING MACHINERY
DOI: 10.1145/3442480

Keywords

Cybersecurity; security standards; OS vulnerabilities; NIST; FIPS; CC; ISO

Funding

  1. Higher Education Commission (HEC), Pakistan through its initiative of National Center for Cyber Security for the affiliated lab National Cyber Security Auditing and Evaluation Lab (NCSAEL) [2(1078)/HEC/ME/2018/707]

In recent years, there has been a significant increase in cyber threats, highlighting the need to strengthen digital infrastructure security. This article presents a detailed analysis of various cybersecurity standards and provides a comparison of frameworks, tools, and software for OS compliance testing. It also explores common software solutions that ensure compliance with cybersecurity standards. The article concludes by proposing a comprehensive set of minimum requirements for OS hardening based on the considered cybersecurity standards and discussing open research challenges.
Cyber threats have been growing tremendously in recent years. There are significant advancements in the threat space that have led towards an essential need for the strengthening of digital infrastructure security. Better security can be achieved by fine-tuning system parameters to the best and optimized security levels. For the protection of infrastructure and information systems, several guidelines have been provided by well-known organizations in the form of cybersecurity standards. Since security vulnerabilities incur a very high degree of financial, reputational, informational, and organizational security compromise, it is imperative that a baseline for standard compliance be established. The selection of security standards and extracting requirements from those standards in an organizational context is a tedious task. This article presents a detailed literature review, a comprehensive analysis of various cybersecurity standards, and statistics of cyber-attacks related to operating systems (OS). In addition to that, an explicit comparison between the frameworks, tools, and software available for OS compliance testing is provided. An in-depth analysis of the most common software solutions ensuring compliance with certain cybersecurity standards is also presented. Finally, based on the cybersecurity standards under consideration, a comprehensive set of minimum requirements is proposed for OS hardening and a few open research challenges are discussed.
