Host Integrity Monitoring Using Osiris and Samhain

Verify the PGP signature on the Osiris source before you build installer packages from it, and burn the verified source to read-only media so that later builds start from a copy that cannot have been altered.
Establish dedicated building environments so that your installer packages can be trusted, and so that you can easily build trusted updates or make changes to your installers.
Burn all installer packages to read-only media before you deploy them, so that you have a copy of exactly what you deployed that is free from tampering and can be compared against later.
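The three steps above amount to a small trusted-build pipeline: verify what goes in, build in a dedicated environment, and keep a tamper-free reference copy of what comes out. The reference copy is only useful if you can compare against it, so the following added example (not code from the book or from the Osiris project) records a SHA-256 manifest of a build directory's installer packages so that it can be burned alongside them, and later checks a deployed or staged copy against that manifest, reporting modified, missing and unexpected files. The package file names, directory layout and the `MANIFEST.sha256` name are assumptions chosen for the example; the signature check itself is a separate `gpg --verify` step on the source archive and is not reproduced here.

```python
"""Record and verify a SHA-256 manifest of built installer packages.

Added example, not the book's or the Osiris project's own code.
Assumptions: packages live in one directory tree; the manifest is written
outside that tree (next to it) and uses the "<digest>  <path>" line layout
that `sha256sum -c` also accepts.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large packages do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def write_manifest(manifest: dict, dest: Path) -> None:
    """Write one "<digest>  <path>" line per file; this is what goes on the media."""
    lines = [f"{digest}  {rel}" for rel, digest in sorted(manifest.items())]
    dest.write_text("\n".join(lines) + "\n")


def read_manifest(src: Path) -> dict:
    """Parse a manifest written by write_manifest (or by sha256sum)."""
    manifest = {}
    for line in src.read_text().splitlines():
        if line.strip():
            digest, rel = line.split("  ", 1)
            manifest[rel] = digest
    return manifest


def verify_tree(root: Path, expected: dict) -> dict:
    """Compare a directory tree with the manifest it was burned with.

    Returns three sorted lists: files whose digest changed, files that are
    gone, and files that were never in the manifest (a planted extra package
    is just as suspicious as a changed one).
    """
    actual = build_manifest(root)
    return {
        "modified": sorted(p for p in expected if p in actual and actual[p] != expected[p]),
        "missing": sorted(p for p in expected if p not in actual),
        "unexpected": sorted(p for p in actual if p not in expected),
    }


def is_clean(report: dict) -> bool:
    """True only when nothing changed, vanished or appeared."""
    return not any(report.values())


def demo() -> tuple:
    """Run the procedure on a constructed sample tree; returns (clean, tampered) reports.

    The package names and contents below are constructed for the example.
    """
    work = Path(tempfile.mkdtemp())
    packages = work / "packages"
    packages.mkdir()
    (packages / "osiris-agent.pkg").write_bytes(b"constructed agent package bytes")
    (packages / "osiris-console.pkg").write_bytes(b"constructed console package bytes")

    # Build host: record the manifest and keep it with the read-only copy.
    write_manifest(build_manifest(packages), work / "MANIFEST.sha256")
    reference = read_manifest(work / "MANIFEST.sha256")
    clean = verify_tree(packages, reference)

    # Simulate tampering on the deployed copy: one package altered, one
    # removed, one planted. Each shows up in its own list.
    (packages / "osiris-console.pkg").write_bytes(b"altered console package bytes")
    (packages / "osiris-agent.pkg").unlink()
    (packages / "osiris-extra.pkg").write_bytes(b"planted package")
    tampered = verify_tree(packages, reference)
    return clean, tampered


if __name__ == "__main__":
    for label, report in zip(("before tampering", "after tampering"), demo()):
        print(label, "clean" if is_clean(report) else report)
```

In practice, run `build_manifest` and `write_manifest` on the build host, burn the manifest with the packages, and run `verify_tree` against the manifest read back from the media (never against a manifest that travelled with the deployed copy) before and after each deployment.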
Pre-provision all of your scan agents with the root certificate of your management console, so that out of the box they trust only that specific console and nothing else.
Always test your scan agents before you deploy them.
The management console manages all of the information about monitored hosts; guard this host with your life.
The management console should be a dedicated system that does not run any services except for what is needed for the function of the console.
After installation, make certain you understand and configure the console according to your needs and requirements for logging, notifications, users, and access control.
The Osiris command-line interface is used to configure your console, and interact with your deployed scan agents.
Ideally, the CLI should be run only from the console host; however, you can log in to your console from remote hosts if necessary.
Scan agents collect information from your host environments and securely report on that information to the console; the gathered information is never stored...