Earn Continuing Professional Education (CPE) credits at no cost while learning how configuration management and system hardening reduce risk, improve resilience, and support compliance across modern IT environments.
This free course provides a practical introduction to configuration baselines, CIS Benchmarks, DISA STIGs, and real-world techniques for maintaining secure, defensible system configurations.
Module 1 introduces the foundational concepts of configuration management and system hardening, explaining why consistent, secure configurations are critical to cybersecurity operations. It establishes key terminology, objectives, and expectations for the course, and frames configuration management as an ongoing operational discipline—not a one-time technical task. This module sets the stage for understanding how hardened baselines reduce risk, improve resilience, and support effective incident response.
Module 2 explains what configuration compliance means in practice and why organizations rely on standardized baselines to reduce risk and maintain consistency at scale. It introduces the concept of a “known good” configuration and how baselines support repeatability, auditability, and faster detection of drift. This module sets up the rest of the course by showing how compliance expectations translate into real operational requirements.
Module 3 focuses on common configuration benchmarks and hardening standards used across IT and cybersecurity programs. It explains how frameworks such as CIS Benchmarks and DISA STIGs are developed, what they are intended to achieve, and how organizations use them as starting points rather than one-size-fits-all solutions. This module helps learners understand how to select and apply benchmarks in a practical, risk-informed way.
Module 4 focuses on scanning systems for configuration compliance to verify that hardened baselines are actually in place and to detect drift over time. It explains how compliance scans compare real-world settings against standards such as CIS Benchmarks and DISA STIGs, and what the results typically tell you about gaps and risk. This module helps learners understand how to interpret findings and use them to prioritize practical remediation.
Module 5 focuses on maintaining configuration baselines over time and using them effectively during incident response. It explains how known-good configurations help teams quickly identify unauthorized changes, reduce uncertainty during investigations, and accelerate system recovery. This module reinforces why configuration management is not a one-time effort, but a foundational capability for both security operations and incident response.
Module 6 focuses on applying configuration management and system hardening concepts in smaller or resource-constrained environments. It explains how tools such as CIS-CAT Lite can be used to assess systems against benchmarks and identify high-impact configuration gaps without enterprise tooling. This module reinforces that effective configuration management is achievable at any size when approached pragmatically and with the right priorities.
Module 7 focuses on using the DISA SCAP tool to assess system compliance with DISA STIGs. It explains how to obtain and set up the tool, use the STIG Viewer, and review compliance results in a structured way. This module provides practical exposure to performing STIG-based assessments to support stronger configuration management and cybersecurity posture.
Test your knowledge after taking our course!
In this course, you’ll learn how configuration management and system hardening support effective cybersecurity operations and compliance efforts. Topics covered include:
The role of configuration management in reducing cyber risk
How industry benchmarks like CIS Benchmarks and DISA STIGs are used in practice
Techniques for creating, maintaining, and validating secure system baselines
How configuration compliance supports audits, incident response, and recovery
Practical approaches to scanning systems for compliance using automated tools
This course is designed for cybersecurity professionals, IT administrators, students, and leaders seeking a practical, foundational understanding of configuration compliance.
Meet Your Instructor
MS, CAWFE, CEH, CFCE, CHFI, CISSP, CNDA, DFCP, GCFA, GCFR, GCIA, GIME, GSEC
Josh Moulin is a cybersecurity leader with over 20 years of experience protecting critical systems and advising organizations worldwide. He began his career in law enforcement, where he led a cybercrimes task force and a digital forensics lab, pioneering efforts to combat cybercrime. Later, Josh served as a CIO and CISO in the U.S. nuclear weapons complex and as Senior Vice President of Operations at the Center for Internet Security (CIS), where he collaborated with DHS and CISA to secure U.S. state, local, tribal, and territorial (SLTT) and election organizations through the MS-ISAC and EI-ISAC. He also served as an Executive Partner at Gartner, advising federal and military leaders on strategic cybersecurity initiatives.
In addition to founding Natsar, LLC, a cybersecurity consulting firm, Josh is adjunct faculty teaching university courses on cybersecurity and digital forensics. With a Master’s in Information Security and Assurance and numerous certifications, Josh’s highly rated courses draw from real-world expertise to equip learners with the tools to navigate today’s complex cybersecurity landscape.
You've got questions. We've got answers.
Yes. This is a no-cost course designed to provide practical training and help you earn Continuing Professional Education (CPE) credits.
Yes. After you complete the course, you’ll receive a completion certificate you can retain as documentation for CPE submission.
Yes. Natsar delivers customized training for individuals and organizations across a wide range of cybersecurity and digital forensics topics. If you’re interested, contact us at [email protected].