In service outsourcing / delivery area, often we are being asked “WHAT is your company’s best practice for security?”, “Does your side has any existing guidelines / templates for securing the servers?”
OK, no need to worry. DoD of US has published a number of guidelines in their database. It is categorized into applications, operating systems, web browser etc. You just need to worry that some of these guidelines are not in a human-readable format and probably need some tricks to open using Excel because some are in XML format. Check it out here:
https://web.nvd.nist.gov/view/ncp/repository
