The best way of Operation System/Service/Network Hardening

The goal of this process is providing more security to the IT infrastructure, but in the process of hardening, sometimes there are some items in the checklists, that can put the availability of our system in jeopardy.
A brief google search, shows there are tons of hardening checklist and documents, but I want to know the hardening process of Its infrastructure has a framework or standard or it is best-practice and When will we be sure that what we have done is good enough?