4 Secure Deployment Checklist

The following security checklist includes guidelines that help secure your device:

• Ensure the workstation is physically and securely mounted to a stationary object.

• Ensure all covers and security screws are installed.

• Monitor system access.

• Use Secure Boot.

• Disable unused external I/O ports.

• Enforce access controls effectively.

  • Lock and expire default or temporary user accounts used during installation.

  • Enforce password management.

  • Practice the principle of least privilege.

  • Grant necessary privileges only.

  • Do not use administrator accounts for daily operations.

  • Ensure unnecessary network shares have been removed.

• Only install system components required for the use case.

• Ensure remote access software has been disabled.

• Use a firewall to restrict network access.

• Use malware protection software.

• Use drive encryption to protect data at rest.

• Ensure the system receives operating system updates automatically.

• Ensure the system receives virus definition updates automatically.