Description should include OS, application, and hardware, including
identifying and removing unneeded items (e.g., software, open ports, accounts, roles, services)
identifying vulnerability scans
identifying endpoint security software.