The scope of infrastructure security testing covers the known vulnerable components inspection, secure configurations, and secure communication protocols. In addition to the uses of tools, the industry organization best practices, including CIS benchmarks, STIG, and OpenSCAP are also introduced.