Educause Security Discussion mailing list archives
Higher Ed Access to CIS Benchmarks and Scoring Tools
From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Tue, 30 Nov 2004 11:47:23 -0700
I am pleased to announce that a new partnership between EDUCAUSE and the Center for Internet Security (CIS) entitles EDUCAUSE Institutional Members to download CIS Benchmarks and Software Tools for FREE (http://www.educause.edu/CISDownloadFiles/2634). To learn more, read the press release below. We are planning some outreach events over the next few months that will help equip colleges and universities to take advantage of the CIS benchmarks and scoring tools. I will apprise you of our plans once they are confirmed. In the meantime, I encourage you to share your experiences with other members of this Security Discussion Group or provide feedback to Security-Task-Force () educause edu. Sincerely, Rodney J. Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE 1150 18th Street, N.W., Suite 1010 Washington, D.C. 20036 (202) 331-5368 / (202) 872-4200 (202) 872-4318 (FAX) EDUCAUSE/Internet2 Security Task Force www.educause.edu/security -------------------------------------------------- FOR IMMEDIATE RELEASE CONTACT: Rodney Petersen Policy Analyst and Security Task Force Coordinator EDUCAUSE rpetersen () educause edu 202-331-5372 Peter DeBlois Director of Communications and Publishing EDUCAUSE pdeblois () educause edu 303-544-5665 Clint Kreitner President and CEO The Center for Internet Security ClintKreitner () aol com 540-459-1861 ******************************************** ACCESS TO SECURITY BENCHMARKS ENHANCED BY NEW HIGHER EDUCATION PARTNERSHIP ******************************************** November 30, 2004, Washington, D.C.--A new partnership between EDUCAUSE and the Center for Internet Security (CIS) will put more tools in the hands of colleges and universities in their efforts to improve cybersecurity. "EDUCAUSE is very pleased to facilitate our member institutions' access to resources to assess and measurably improve the security configuration of their IT systems and networks," said EDUCAUSE Vice President Mark Luker. The relationship between EDUCAUSE and CIS provides each EDUCAUSE institutional member with a free license to redistribute CIS benchmarks and software tools on college- and university-owned systems. In addition, the relationship entitles these members to redistribute CIS tools to students, faculty, and employees for use on computers they own. The requirements for redistribution to students, faculty, and employees are explained in documentation available at http://www.educause.edu/CISDownloadFiles/2634 This new partnership is one of several initiatives undertaken by the EDUCAUSE/Internet2 Computer and Network Security Task Force <http://www.educause.edu/security> in an effort to advance best security practices in higher education. "The CIS benchmarks have enabled Virginia Tech to verify that software addresses the SANS/FBI 20 Most Critical Internet Security Vulnerabilities and have justified our requirements for vendors," said Randy Marchany, director of the Virginia Tech Security Testing Lab. "CIS benchmarks and scoring tools provide colleges and universities with a simple way to measure the security of a computer system. The resulting score establishes a baseline value that can be linked to an institution's risk analysis requirement," Marchany observed. CIS develops consensus benchmarks for technical security controls that strengthen the configuration of operating systems, software applications, and network devices. CIS also develops software tools that enable users to compare the configuration of their systems with the benchmark recommendations. These resources are available to all users free of charge. Beyond this opportunity, the new partnership enables EDUCAUSE members to freely disseminate CIS benchmarks and scoring tools on their campuses, providing computer users with greater flexibility in applying and maintaining benchmark security configurations on their systems and networks. According to Clint Kreitner, president and CEO of CIS, "The educational community comprises a significant portion of the universe of computer users who connect their systems to the Internet. This agreement represents an important step toward making the Internet a safer place for everyone, so we are pleased to be working with EDUCAUSE toward that end." Through this relationship, EDUCAUSE and CIS are also partnering to: * Encourage the adoption and deployment of widely accepted, consensus- based technical control standards (benchmarks) for system security configuration in colleges and universities. * Establish technical control baselines that can be presented to software vendors and hardware suppliers as default security configurations for systems that colleges and universities purchase. * Expand participation in the CIS consensus-development process by security specialists in EDUCAUSE member institutions to ensure that the unique needs of colleges and universities are met. ### *************** ABOUT EDUCAUSE EDUCAUSE is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. The current membership comprises more than 1,900 colleges, universities, and educational organizations, including 200 corporations, with 15,000 active members. EDUCAUSE has offices in Boulder, Colorado, and Washington, D.C. Learn more about EDUCAUSE at http://www.educause.edu/ **************** ABOUT INTERNET2 Led by more than 200 U.S. universities, working with industry and government, Internet2 develops and deploys advanced network applications and technologies for research and higher education, accelerating the creation of tomorrow's Internet. Internet2 recreates the partnerships among academia, industry, and government that helped foster today's Internet in its infancy. For more information, see http://www.internet2.edu/ *************************************** ABOUT THE CENTER FOR INTERNET SECURITY The Center for Internet Security (CIS) helps organizations around the world effectively manage the risks related to information security. CIS provides methods and tools to improve, measure, monitor, and compare the security status of Internet-connected systems and appliances. For more information, see http://www.cisecurity.org/ ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Higher Ed Access to CIS Benchmarks and Scoring Tools Rodney Petersen (Nov 30)