The nice folks over CIS does a yearly security benchmark of every major OS. They provide a nice guide on how the benchmark is conducted and how to remediate known issues.
This looks interesting. Is CIS a non-profit? Should I be worried giving them my information to download their benchmarks or can I get the guide a different way?