CIS Benchmark for Windows XP and New Windows Scoring Tool

[Rodney Petersen <rpetersen () EDUCAUSE EDU>]

The Center for Internet Security has announced the public release of a
new Benchmark for Windows XP Professional and an updated Windows Scoring
Tool.  Both the Benchmark and the Scoring Tool are available for
download, free of charge, from the CIS web site, www.cisecurity.org.

CIS Benchmarks specify technical security controls that strengthen a
system's defenses against malicious attacks.  The Benchmarks are unique
because security professionals from around the world contribute to the
consensus security configuration recommendtions.  This group of security
professionals included representatives from institutions of higher
education, government, and industry, as well as participating software
vendors.

CIS Scoring Tools evaluate host systems, comparing their security
configurations against the Benchmarks.  They produce easy to understand
reports that rate system security on a simple numeric scale.

The CIS Benchmark for Windows XP Professional contains four levels of
technical control settings intended for use in XP Professional systems,
enabling users to choose the consensus security configuration most
appropriate for their particular environments.  The four names and
security level definitions are consistent with Microsoft's published
security configuration guides:  LEGACY, ENTERPRISE STANDALONE,
ENTERPRISE LAPTOP, and HIGH.

In addition to these security resources for Windows XP Professional, CIS
also distributes consensus Benchmark and Scoring Tools free of charge
for Windows 2000 and NT, Solaris, Linux and HP-UX operating systems, as
well as Cisco Router IOS and Oracle Database.

There is further discussion of adapting CIS benchmarks to higher
education environments in the Effective Security Practices Guide
(http://www.educause.edu/security/guide/NetworkandHostSecurityImplementa
tionstage1.asp) under the subject heading "Configuration and Patch
Management Tools".

CIS has also developed a benchmark for Windows XP Home for home or dorm
users that is not available for public release.  The Security Task Force
is exploring with CIS the applicability of the benchmarks within
institutions of higher education and how to formalize a relationship
between the two entities.

I welcome your feedback or discussion on this list of your experiences
in the use of CIS Benchmarks and Tools and the desirability of more
wide-spread use of CIS resources in college and university environments.

Thanks,

Rodney Petersen
Security Task Force Coordinator, EDUCAUSE

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.