Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Higher Ed Access to CIS Benchmarks and Scoring Tools

From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Tue, 30 Nov 2004 11:47:23 -0700
I am pleased to announce that a new partnership between EDUCAUSE and the
Center for Internet Security (CIS) entitles EDUCAUSE Institutional
Members to download CIS Benchmarks and Software Tools for FREE
(http://www.educause.edu/CISDownloadFiles/2634). To learn more, read the
press release below.

We are planning some outreach events over the next few months that will
help equip colleges and universities to take advantage of the CIS
benchmarks and scoring tools.  I will apprise you of our plans once they
are confirmed.  In the meantime, I encourage you to share your
experiences with other members of this Security Discussion Group or
provide feedback to Security-Task-Force () educause edu.

Sincerely,
 
Rodney J. Petersen
Policy Analyst & Security Task Force Coordinator

EDUCAUSE 
1150 18th Street, N.W., Suite 1010
Washington, D.C.  20036
(202) 331-5368 / (202) 872-4200 
(202) 872-4318 (FAX) 
EDUCAUSE/Internet2 Security Task Force
www.educause.edu/security 
-------------------------------------------------- 

FOR IMMEDIATE RELEASE

CONTACT:
Rodney Petersen
Policy Analyst and Security Task Force Coordinator EDUCAUSE
rpetersen () educause edu
202-331-5372

Peter DeBlois
Director of Communications and Publishing EDUCAUSE pdeblois () educause edu
303-544-5665

Clint Kreitner
President and CEO
The Center for Internet Security
ClintKreitner () aol com
540-459-1861

********************************************
ACCESS TO SECURITY BENCHMARKS ENHANCED BY
  NEW HIGHER EDUCATION PARTNERSHIP
********************************************

November 30, 2004, Washington, D.C.--A new partnership between EDUCAUSE
and the Center for Internet Security (CIS) will put more tools in the
hands of colleges and universities in their efforts to improve
cybersecurity. "EDUCAUSE is very pleased to facilitate our member
institutions' access to resources to assess and measurably improve the
security configuration of their IT systems and networks," said EDUCAUSE
Vice President Mark Luker.

The relationship between EDUCAUSE and CIS provides each EDUCAUSE
institutional member with a free license to redistribute CIS benchmarks
and software tools on college- and university-owned systems. In
addition, the relationship entitles these members to redistribute CIS
tools to students, faculty, and employees for use on computers they own.
The requirements for redistribution to students, faculty, and employees
are explained in documentation available at
http://www.educause.edu/CISDownloadFiles/2634

This new partnership is one of several initiatives undertaken by the
EDUCAUSE/Internet2 Computer and Network Security Task Force
<http://www.educause.edu/security> in an effort to advance best security
practices in higher education. "The CIS benchmarks have enabled Virginia
Tech to verify that software addresses the SANS/FBI 20 Most Critical
Internet Security Vulnerabilities and have justified our requirements
for vendors," said Randy Marchany, director of the Virginia Tech
Security Testing Lab. "CIS benchmarks and scoring tools provide colleges
and universities with a simple way to measure the security of a computer
system. The resulting score establishes a baseline value that can be
linked to an institution's risk analysis requirement," Marchany
observed.

CIS develops consensus benchmarks for technical security controls that
strengthen the configuration of operating systems, software
applications, and network devices. CIS also develops software tools that
enable users to compare the configuration of their systems with the
benchmark recommendations. These resources are available to all users
free of charge. Beyond this opportunity, the new partnership enables
EDUCAUSE members to freely disseminate CIS benchmarks and scoring tools
on their campuses, providing computer users with greater flexibility in
applying and maintaining benchmark security configurations on their
systems and networks.

According to Clint Kreitner, president and CEO of CIS, "The educational
community comprises a significant portion of the universe of computer
users who connect their systems to the Internet. This agreement
represents an important step toward making the Internet a safer place
for everyone, so we are pleased to be working with EDUCAUSE toward that
end."

Through this relationship, EDUCAUSE and CIS are also partnering to:
* Encourage the adoption and deployment of widely accepted, consensus-
  based technical control standards (benchmarks) for system security
  configuration in colleges and universities.
* Establish technical control baselines that can be presented to
  software vendors and hardware suppliers as default security
  configurations for systems that colleges and universities purchase.
* Expand participation in the CIS consensus-development process by
  security specialists in EDUCAUSE member institutions to ensure that
  the unique needs of colleges and universities are met.

###

***************
ABOUT EDUCAUSE
EDUCAUSE is a nonprofit association whose mission is to advance higher
education by promoting the intelligent use of information technology.
The current membership comprises more than 1,900 colleges, universities,
and educational organizations, including 200 corporations, with 15,000
active members. EDUCAUSE has offices in Boulder, Colorado, and
Washington, D.C. Learn more about EDUCAUSE at http://www.educause.edu/

****************
ABOUT INTERNET2
Led by more than 200 U.S. universities, working with industry and
government, Internet2 develops and deploys advanced network applications
and technologies for research and higher education, accelerating the
creation of tomorrow's Internet. Internet2 recreates the partnerships
among academia, industry, and government that helped foster today's
Internet in its infancy. For more information, see
http://www.internet2.edu/

***************************************
ABOUT THE CENTER FOR INTERNET SECURITY
The Center for Internet Security (CIS) helps organizations around the
world effectively manage the risks related to information security. CIS
provides methods and tools to improve, measure, monitor, and compare the
security status of Internet-connected systems and appliances. For more
information, see http://www.cisecurity.org/

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
Previous By Date Next
Previous By Thread Next

Current thread: