Security Basics mailing list archives

Re: Windows Secure Build Checklist


From: rohnskii () gmail com
Date: 1 Mar 2009 07:27:01 -0000

This is not a Windows checklist, but it could be adapted for the high level (generic) concepts it proposes.

http://www.mass.gov/?pageID=ocatopic&L=3&L0=Home&L1=Business&L2=Identity+Theft&sid=Eoca - this is a page of links 
relating to the new Massachusetts data security law 201 CMR 17.00.  The two items I looked at specifically were:

# Small Business Guide for Formulating a Comprehensive Written Information Security Program PDF

# 201 CMR 17.00 Compliance Checklist PDF
 
After a quick read, there are some interesting provisions such as:
 "data security coordinator shall maintain a highly secured master list of all lock combinations, passwords and keys" 
(all passwords???)  

 "current employee's user-ID's and passwords must be changed periodically" (??? user-ID's???)

 "visitor access must be restricted to one entry point ... shall not be permitted to visit unescorted ..."  (gee, most 
of the office buildings I've worked in have more than one access point that could be used by visitors)

