Understanding and Implementing Host Hardening Policy Requirements

This article explains key requirements for host hardening policies, particularly for cloud-based infrastructure and remote access.

Remote Access Session Requirements

• Remote access can be implemented through VPN or zero trust solutions

• Session timeout must be:

  • Minimum: Greater than 2 hours

  • Maximum: Less than 24 hours

Server and Virtual Machine Coverage

Host hardening policies apply to cloud-based compute resources, including:

• AWS services (EC2, ECS)

• Azure virtual machines

• Google Cloud Platform instances

• Other cloud provider compute resources (e.g., Scaleway, OVH)

Logging Requirements

Policy compliance can be demonstrated through either:

• Application logs

• Infrastructure logs