Hardening is the process of configuring a system to minimize its attack surface. This includes disabling unnecessary services, removing default passwords, and restricting permissions. A hardened configuration follows recognized benchmarks such as CIS or BSI recommendations. Within your ISMS, you define hardening guidelines for servers, clients, and network devices. Automated configuration checks help you detect deviations from the baseline early. Hardening is one of the most effective preventive controls because it eliminates attack vectors before they can be exploited.
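An automated configuration check of the kind described above, as an added example that is not part of the original page: it compares an sshd_config-style file against a baseline and reports each deviation, including settings that are missing from the global section. The baseline values and the sample file are constructed assumptions for illustration and are not quoted from CIS or BSI.

```python
# Added example. Baseline values are illustrative assumptions, not quoted from CIS or BSI.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "x11forwarding": "no",
    "maxauthtries": "4",
}

# Constructed sample of an sshd_config-style file (not taken from a real host).
SAMPLE_CONFIG = """\
# edited by hand after initial rollout
PermitRootLogin yes
passwordauthentication no
# a later duplicate does not override the first value
PasswordAuthentication yes
X11Forwarding no
Match User backup
    MaxAuthTries 4
"""


def parse_global_settings(text):
    """Return {keyword: value} for the global section; the first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        if keyword == "match":
            break  # settings inside Match blocks are conditional, not global
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # keep the first value seen
    return settings


def find_deviations(text, baseline=BASELINE):
    """Return sorted (keyword, expected, actual) tuples; actual is None if unset."""
    actual = parse_global_settings(text)
    return sorted(
        (key, expected, actual.get(key))
        for key, expected in baseline.items()
        if actual.get(key) != expected
    )


if __name__ == "__main__":
    for key, expected, actual in find_deviations(SAMPLE_CONFIG):
        print(f"DEVIATION {key}: expected {expected!r}, found {actual!r}")
```

A setting that appears only inside a `Match` block is reported as unset, because the host then relies on the daemon's default for every other connection.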