Educause Security Discussion mailing list archives
Re: CIS Benchmark for Windows XP and New Windows Scoring Tool
From: Melissa Guenther <mguenther () COX NET>
Date: Fri, 2 Apr 2004 08:55:02 -0700
Unable to access it from home - another option is at http://www.cisecurity org/sub_form.html -------Original Message------- From: The EDUCAUSE Security Discussion Group Listserv Date: 04/02/04 08:39:58 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] CIS Benchmark for Windows XP and New Windows Scoring Tool The Center for Internet Security has announced the public release of a new Benchmark for Windows XP Professional and an updated Windows Scoring Tool. Both the Benchmark and the Scoring Tool are available for download, free of charge, from the CIS web site, www.cisecurity.org. CIS Benchmarks specify technical security controls that strengthen a system s defenses against malicious attacks. The Benchmarks are unique because security professionals from around the world contribute to the consensus security configuration recommendtions. This group of security professionals included representatives from institutions of higher education, government, and industry, as well as participating software vendors. CIS Scoring Tools evaluate host systems, comparing their security configurations against the Benchmarks. They produce easy to understand reports that rate system security on a simple numeric scale. The CIS Benchmark for Windows XP Professional contains four levels of technical control settings intended for use in XP Professional systems, enabling users to choose the consensus security configuration most appropriate for their particular environments. The four names and security level definitions are consistent with Microsoft's published security configuration guides: LEGACY, ENTERPRISE STANDALONE, ENTERPRISE LAPTOP, and HIGH. In addition to these security resources for Windows XP Professional, CIS also distributes consensus Benchmark and Scoring Tools free of charge for Windows 2000 and NT, Solaris, Linux and HP-UX operating systems, as well as Cisco Router IOS and Oracle Database. There is further discussion of adapting CIS benchmarks to higher education environments in the Effective Security Practices Guide (http://www.educause edu/security/guide/NetworkandHostSecurityImplementationstage1.asp) under the subject heading "Configuration and Patch Management Tools". CIS has also developed a benchmark for Windows XP Home for home or dorm users that is not available for public release. The Security Task Force is exploring with CIS the applicability of the benchmarks within institutions of higher education and how to formalize a relationship between the two entities. I welcome your feedback or discussion on this list of your experiences in the use of CIS Benchmarks and Tools and the desirability of more wide-spread use of CIS resources in college and university environments. Thanks, Rodney Petersen Security Task Force Coordinator, EDUCAUSE ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- CIS Benchmark for Windows XP and New Windows Scoring Tool Rodney Petersen (Apr 02)
- <Possible follow-ups>
- Re: CIS Benchmark for Windows XP and New Windows Scoring Tool Melissa Guenther (Apr 02)