Educause Security Discussion mailing list archives

Re: CIS Benchmark for Windows XP and New Windows Scoring Tool


From: Melissa Guenther <mguenther () COX NET>
Date: Fri, 2 Apr 2004 08:55:02 -0700

Unable to access it from home - another option is at
http://www.cisecurity.org/sub_form.html
 
-------Original Message-------
 
From: The EDUCAUSE Security Discussion Group Listserv
Date: 04/02/04 08:39:58
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] CIS Benchmark for Windows XP and New Windows Scoring Tool
 
The Center for Internet Security has announced the public release of a new
Benchmark for Windows XP Professional and an updated Windows Scoring Tool. 
Both the Benchmark and the Scoring Tool are available for download, free of
charge, from the CIS web site, www.cisecurity.org.
CIS Benchmarks specify technical security controls that strengthen a system's
defenses against malicious attacks.  The Benchmarks are unique because
security professionals from around the world contribute to the consensus
security configuration recommendations.  This group of security professionals
included representatives from institutions of higher education, government,
and industry, as well as participating software vendors.
CIS Scoring Tools evaluate host systems, comparing their security
configurations against the Benchmarks.  They produce easy to understand
reports that rate system security on a simple numeric scale.
The CIS Benchmark for Windows XP Professional contains four levels of
technical control settings intended for use in XP Professional systems,
enabling users to choose the consensus security configuration most
appropriate for their particular environments.  The four names and security
level definitions are consistent with Microsoft's published security
configuration guides:  LEGACY, ENTERPRISE STANDALONE, ENTERPRISE LAPTOP, and
HIGH.
In addition to these security resources for Windows XP Professional, CIS
also distributes consensus Benchmark and Scoring Tools free of charge for
Windows 2000 and NT, Solaris, Linux and HP-UX operating systems, as well as
Cisco Router IOS and Oracle Database.
There is further discussion of adapting CIS benchmarks to higher education
environments in the Effective Security Practices Guide
(http://www.educause.edu/security/guide/NetworkandHostSecurityImplementationstage1.asp) under the
subject heading "Configuration and Patch Management Tools".
CIS has also developed a benchmark for Windows XP Home for home or dorm
users that is not available for public release.  The Security Task Force is
exploring with CIS the applicability of the benchmarks within institutions
of higher education and how to formalize a relationship between the two
entities.
I welcome your feedback or discussion on this list of your experiences in
the use of CIS Benchmarks and Tools and the desirability of more wide-spread
use of CIS resources in college and university environments.
Thanks, 
Rodney Petersen 
Security Task Force Coordinator, EDUCAUSE 
 

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

