Infrastructure Hardening
What This Requires
Harden the infrastructure that hosts AI systems: patch the OS and containers monthly, enforce least-privilege IAM, enable encryption at rest and in transit, disable unnecessary services, and audit security group rules quarterly.
Why It Matters
Vulnerable infrastructure undermines application security. Attackers exploit unpatched servers to steal models, exfiltrate data, or disrupt service. Hardening reduces attack surface.
How To Implement
Patch Management
Schedule monthly patching for the OS, containers, and dependencies. Use automated tools (AWS Systems Manager, Azure Update Management). Test patches in staging before deploying them to production.
Least Privilege IAM
Grant minimum required permissions. Use service accounts, not root/admin. Review IAM policies quarterly and revoke unused permissions.
Encryption
Enable encryption at rest (disk encryption, S3 SSE, database TDE). Enforce TLS 1.2+ for all network traffic. Rotate encryption keys annually.
Disable Unnecessary Services
Disable unused ports/services (SSH only from bastion, no public database access). Use security groups/firewalls to enforce.
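A small audit for the rule above (SSH only from the bastion, no public database access), added here as an example and not taken from the original page. The bastion CIDR, the database port list and the sample groups are constructed assumptions; the input follows the `SecurityGroups` shape returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

# Assumptions for this example: the bastion range and the database port list.
BASTION_CIDR = ipaddress.ip_network("10.0.1.0/28")  # constructed value
DB_PORTS = {1433, 3306, 5432, 6379, 27017}

def _covers(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols and all ports
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def _sources(rule):
    """Yield every IPv4 and IPv6 source network named by the rule."""
    for r in rule.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"], strict=False)
    for r in rule.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"], strict=False)

def audit(groups):
    """Return sorted (group_id, finding) tuples for rules that break the policy."""
    findings = set()
    for g in groups:
        for rule in g.get("IpPermissions", []):
            for src in _sources(rule):
                from_bastion = src.version == 4 and src.subnet_of(BASTION_CIDR)
                if _covers(rule, 22) and not from_bastion:
                    findings.add((g["GroupId"], f"SSH reachable from {src}"))
                if src.prefixlen == 0:  # 0.0.0.0/0 or ::/0, i.e. the whole internet
                    for p in DB_PORTS:
                        if _covers(rule, p):
                            findings.add((g["GroupId"], f"database port {p} open to {src}"))
    return sorted(findings)

# Constructed sample input, not real account data.
SAMPLE_GROUPS = [
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.1.0/28"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]

if __name__ == "__main__":
    for group_id, finding in audit(SAMPLE_GROUPS):
        print(group_id, finding)
```

The sorted findings can be saved with each quarterly review as the audit record for security group rules.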
Evidence & Audit
- Patch management schedule and completion records
- IAM policy documentation with least privilege review dates
- Encryption configuration (disk, TLS, key rotation)
- Security group/firewall rules with quarterly audit records
- Vulnerability scan reports showing few critical- or high-severity findings