CIS Releases Security Benchmark For Microsoft Windows 7 And Windows Server 2008
User-driven security configuration standards encourage safer security practices
April 7, 2010
PRESS RELEASE
Washington, DC - April 6, 2010 - The Center for Internet Security (CIS) today announced the public release of its consensus security benchmarks for Microsoft Windows 7 and Microsoft Windows Server 2008. The new benchmarks provide prescriptive controls guides for securely configuring these widely used operating systems that power both personal computers and business systems. The benchmarks are available as free downloads at www.cisecurity.org.
"Security configuration benchmarks for the Microsoft Windows platform continue to be in high demand by our community," said Blake Frantz, chief technology officer for CIS. "The CIS benchmarks provide detailed how-to guidelines to ensure that the remote attack surface of the system is reduced, sensitive activities are logged, and the overall security posture of the system is sound."
Windows 7 is Microsoft's new operating system for desktop and mobile computers and has acquired approximately 10 percent of the desktop market share to date. Microsoft has reported that over 140 million licenses have been distributed. Windows Server 2008 is the Microsoft operating system most extensively used by enterprises for their IT services and business systems.
Joe McGinley, Information Security Director for SITA, a worldwide leader in air transport communications and information technology solutions, says "the Microsoft Windows 7 and Microsoft Windows Server 2008 benchmarks are additional examples of how CIS supports companies with adopting latest market 'technology' while maintaining a secure and robust environment. Having a sound foundation upon which to build a secure solution is absolutely critical and is a core requirement in the development process of airline solutions and product offerings from SITA."
"SITA's objectives are aligned with widely accepted security standards, such as ISO 27002 and the Payment Card Industry (PCI). The CIS benchmarks help to meet basic requirements in each of these standards and are, in fact, called out by example as possible controls. The CIS benchmarks help to mitigate the exposure and impact of negative events that could affect the confidentiality, integrity, and availability of the company's and customer's data and information processing capabilities. Building secure solutions and systems demonstrates to the Air Transport Industry (ATI) that protecting customer data is critical to SITA - and this is the reason for the company to leverage the CIS expertise and provided resources," added McGinley.
The CIS benchmarks for Microsoft Windows 7 and Windows Server 2008 provide recommendations in 13 security categories including:
Account Policies
Audit Policy
Detailed Audit Policy
Event Log
Windows Firewall
Windows Update
User Account Control (UAC)
User Rights
Security Options
Terminal Services
Internet Communication
Additional Security Settings
User Policies
The CIS Public-Private Collaboration Process
CIS benchmarks are developed through a consensus review process involving hundreds of volunteer subject matter experts. Consensus participants provide perspective from a diverse set of backgrounds including consulting, software development, audit and compliance, security research, security operations, government and legal.
By using the benchmarks, security professionals save tens of thousands of dollars in developing custom policies and avoid reinventing the wheel. Further, they enable compliance with the configuration requirements of standards such as PCI and ISO, and regulations such as FISMA, GLBA, HIPAA and Sarbanes-Oxley.
About CIS
The Center for Internet Security (CIS) is a non-profit organization that helps enterprises reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls, and provides enterprises with resources for measuring information security status and making rational security investment decisions. CIS develops and distributes consensus-based benchmarks for secure configuration of operating systems, software applications and network devices. The consensus security configuration benchmarks are downloaded more than one million times a year, and are globally accepted as user-originated, de facto standards. More than 150 leading corporations, government entities, universities and security organizations are CIS members. For more information, visit http://www.cisecurity.org.