CIS Releases Security Benchmark For Microsoft Windows 7 And Windows Server 2008
User-driven security configuration standards encourage safer security practices
April 7, 2010
Washington, DC - April 6, 2010 - The Center for Internet Security (CIS) today announced the public release of its consensus security benchmarks for Microsoft Windows 7 and Microsoft Windows Server 2008. The new benchmarks provide prescriptive controls guides for securely configuring these widely used operating systems that power both personal computers and business systems. The benchmarks are available as free downloads at www.cisecurity.org.
"Security configuration benchmarks for the Microsoft Windows platform continue to be in high demand by our community," said Blake Frantz, chief technology officer for CIS. "The CIS benchmarks provide detailed how-to guidelines to ensure that the remote attack surface of the system is reduced, sensitive activities are logged, and the overall security posture of the system is sound."
Windows 7 is Microsoft's new operating system for desktop and mobile computers and has acquired approximately 10 percent of the desktop market share to date. Microsoft has reported that over 140 million licenses have been distributed. Windows Server 2008 is the Microsoft operating system most extensively used by enterprises for their IT services and business systems.
Joe McGinley, Information Security Director for SITA, a worldwide leader in air transport communications and information technology solutions, says "the Microsoft Windows 7 and Microsoft Windows Server 2008 benchmarks are additional examples of how CIS supports companies with adopting latest market 'technology' while maintaining a secure and robust environment. Having a sound foundation upon which to build a secure solution is absolutely critical and is a core requirement in the development process of airline solutions and product offerings from SITA."
"SITA's objectives are aligned with widely accepted security standards, such as ISO 27002 and the Payment Card Industry (PCI). The CIS benchmarks help to meet basic requirements in each of these standards and are, in fact, called out by example as possible controls. The CIS benchmarks help to mitigate the exposure and impact of negative events that could affect the confidentiality, integrity, and availability of the company's and customer's data and information processing capabilities. Building secure solutions and systems demonstrates to the Air Transport Industry (ATI) that protecting customer data is critical to SITA - and this is the reason for the company to leverage the CIS expertise and provided resources," added McGinley.
The CIS benchmarks for Microsoft Windows 7 and Windows Server 2008 provide recommendations in 13 security categories including:
Detailed Audit Policy
User Account Control (UAC)
Additional Security Settings
The CIS Public-Private Collaboration Process
CIS benchmarks are developed through a consensus review process involving hundreds of volunteer subject matter experts. Consensus participants provide perspective from a diverse set of backgrounds including consulting, software development, audit and compliance, security research, security operations, government and legal.
By using the benchmarks, security professionals save tens of thousands of dollars in developing custom policies and avoid reinventing the wheel. Further, they enable compliance with the configuration requirements of standards such as PCI and ISO, and regulations such as FISMA, GLBA, HIPAA and Sarbanes-Oxley.
The Center for Internet Security (CIS) is a non-profit organization that helps enterprises reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls, and provides enterprises with resources for measuring information security status and making rational security investment decisions. CIS develops and distributes consensus-based benchmarks for secure configuration of operating systems, software applications and network devices. The consensus security configuration benchmarks are downloaded more than one million times a year, and are globally accepted as user-originated, de facto standards. More than 150 leading corporations, government entities, universities and security organizations are CIS members. For more information, visit http://www.cisecurity.org.