ASD's Blueprint for Secure Cloud

Server Application Hardening

This page provides a template and guidance to assist organisations in documenting their approach to server application hardening associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Estimated reading time: 3 minutes

Due to the number of applicable controls in ASD’s Guidelines for System Hardening, guidance on system hardening has been split into its five sections for the purpose of this SSP.


This section of the SSP is applicable to application hardening of applications on on-premises Active Directory and Exchange servers within the system boundary of <SYSTEM-NAME>.


Organisational policies and processes implemented

All vendors of server applications used within <SYSTEM-NAME> have been assessed by <ORGANISATION-NAME> as demonstrating a commitment to secure-by-design and secure-by-default principles, use of memory-safe programming languages where possible, secure programming practices, and maintaining the security of their products.


Technical controls implemented

Technical controls for hardening of Entra Connect and Exchange Hybrid Configuration Wizard within <SYSTEM-NAME> are configured with reference to ASD’s Blueprint for Secure Cloud and includes the following technical configurations:


Security & Governance


External documentation

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra