Glossary

System Hardening

Process of removing unnecessary functions and configuring secure settings.


System hardening is the process of reducing the attack surface of a system by removing unnecessary software, services, accounts and configurations, and applying secure settings to the components that remain. In practice this means removing or disabling default and unused accounts, closing unused ports and stopping the services that listen on them, running the remaining services with least privilege, enabling audit logging, and keeping the system patched with current security updates.

Hardening is a foundational control that virtually every compliance framework, including ISO 27001 and SOC 2, expects an organisation to have in place; the CIS Benchmarks are the most widely used technology-specific baselines to harden against. Organisations should define a standardised hardening baseline for each technology in their environment, apply it with automated configuration management, and continuously verify every system against the baseline so that drift from the hardened state is detected and corrected rather than accumulating silently.
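The verification step above is easiest to understand as code. The following is an added example written for this glossary entry, not code from the page or from any benchmark project: a small Python audit that compares a snapshot of a Linux host (listening sockets, `/etc/passwd` and `/etc/shadow`, enabled systemd units, `sshd_config`) against a hardening baseline and returns every deviation. The baseline values, the `SAMPLE_HOST` command output and all function names are constructed assumptions for the example; a real baseline would come from the organisation's own standard, such as a CIS Benchmark profile.

```python
"""Audit a host snapshot against a small hardening baseline (illustrative example)."""
import re

# Constructed baseline: the hardened state expected for this class of host.
BASELINE = {
    "allowed_listening_ports": {22, 443},                 # anything else must be closed
    "allowed_enabled_services": {"sshd.service", "nginx.service", "auditd.service"},
    "required_enabled_services": {"auditd.service"},     # audit logging must be on
    "must_not_login": {"games", "ftp", "lp"},             # default accounts: no shell, no password
    "sshd_required": {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
}

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def check_listening_ports(ss_output, allowed):
    """Flag bound ports outside the allow-list; parses `ss -tulnH` style lines."""
    findings = []
    for line in ss_output.strip().splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue
        proto, local = cols[0], cols[4]          # e.g. tcp  0.0.0.0:22 / [::]:22
        port = int(local.rsplit(":", 1)[1])
        if port not in allowed:
            findings.append(f"port: {proto}/{port} listening on {local} is not in baseline")
    return findings


def check_accounts(passwd_text, shadow_text, must_not_login):
    """Flag default accounts with an interactive shell or unlocked password, and empty passwords."""
    findings = []
    shells = {}
    for line in passwd_text.strip().splitlines():
        f = line.split(":")
        if len(f) == 7:
            shells[f[0]] = f[6]
    for line in shadow_text.strip().splitlines():
        f = line.split(":")
        user, pw = f[0], f[1]
        locked = pw.startswith(("!", "*"))       # "!" or "*" prefix means the password is locked
        if user in must_not_login and shells.get(user) not in NOLOGIN_SHELLS:
            findings.append(f"account: {user} has interactive shell {shells.get(user)}")
        if user in must_not_login and not locked and pw != "":
            findings.append(f"account: {user} has an unlocked password")
        if pw == "":
            findings.append(f"account: {user} has an empty password field")
    return findings


def check_services(units_output, allowed, required):
    """Flag enabled units outside the allow-list and required units that are not enabled.

    Parses `systemctl list-unit-files --state=enabled --type=service --no-legend` output.
    """
    enabled = {line.split()[0] for line in units_output.strip().splitlines() if line.strip()}
    findings = [f"service: {u} is enabled but not in baseline" for u in sorted(enabled - allowed)]
    findings += [f"service: {u} is required but not enabled" for u in sorted(required - enabled)]
    return findings


def check_sshd_config(text, required):
    """Flag sshd_config directives that are missing or differ from the required value."""
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        effective.setdefault(key, value)         # sshd honours the first occurrence of a directive
    findings = []
    for key, want in required.items():
        got = effective.get(key)
        if got is None:
            findings.append(f"sshd: {key} not set (required {want})")
        elif got.lower() != want.lower():
            findings.append(f"sshd: {key} is {got}, required {want}")
    return findings


def audit(snapshot, baseline=BASELINE):
    """Run every check; returns the sorted list of deviations (empty means compliant)."""
    findings = []
    findings += check_listening_ports(snapshot["ss"], baseline["allowed_listening_ports"])
    findings += check_accounts(snapshot["passwd"], snapshot["shadow"], baseline["must_not_login"])
    findings += check_services(snapshot["units"], baseline["allowed_enabled_services"],
                               baseline["required_enabled_services"])
    findings += check_sshd_config(snapshot["sshd_config"], baseline["sshd_required"])
    return sorted(findings)


# Constructed snapshot of a host that has drifted from the baseline in several ways.
SAMPLE_HOST = {
    "ss": """
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:111       0.0.0.0:*
""",
    "passwd": """
root:x:0:0:root:/root:/bin/bash
games:x:5:60:games:/usr/games:/bin/sh
ftp:x:14:50:FTP User:/var/ftp:/usr/sbin/nologin
deploy:x:1001:1001::/home/deploy:/bin/bash
""",
    "shadow": """
root:$6$constructedhash:19000:0:99999:7:::
games:!:19000:0:99999:7:::
ftp:*:19000:0:99999:7:::
deploy::19000:0:99999:7:::
""",
    "units": """
sshd.service    enabled enabled
nginx.service   enabled enabled
cups.service    enabled enabled
""",
    "sshd_config": """
# constructed sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication no
PermitRootLogin no
""",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOST):
        print(finding)
```

Run against `SAMPLE_HOST` the audit reports seven deviations: an unexpected MySQL listener on 3306 and rpcbind on UDP 111, the `games` account still holding an interactive shell, `deploy` with an empty password field, `cups.service` enabled outside the baseline, `auditd.service` not enabled, and `PermitRootLogin yes` (the later `no` line is ignored because sshd uses the first occurrence). Wiring a script like this into configuration management or a scheduled job is what turns a one-off hardening exercise into the ongoing verification the entry calls for.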
