A document that contains instructions or procedures for configuring an IT product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized configuration changes to the product. Also referred to as a security configuration checklist, lockdown guide, hardening guide, security guide, security technical implementation guide (STIG), or benchmark.
Sources:
NIST SP 800-70 Rev. 4
An organized collection of rules about a particular kind of system or platform.
Sources:
NISTIR 7275 Rev. 4