The SANS Institute ~ System Administration, Networking and Security

 

The Center for Internet Security

 

FOR IMMEDIATE RELEASE

Contact: Clint Kreitner, The Center for Internet Security

540-459-1861; cell: 540-270-8312

Paisley Page, Nahigian Strategies

703-567-6996; Cell 202-368-8778

 

 Government and Industry Agree on Recommended Baseline Security Settings for Windows 2000 Professional Workstations

 

WASHINGTON, DC, July 17, 2002 – Security experts from a broad range of public and private organizations have jointly published consensus Baseline Security Settings recommended for Windows 2000 Professional Workstations.

 

The collaborative effort involved Microsoft Windows security experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Defense Information Systems Agency (DISA), National Security Agency (NSA), System Administration, Networking and Security (SANS) Institute, members of the Center for Internet Security (CIS) and review of the draft standards by Microsoft Corp.  Implementation of these settings will help organizations reach an enhanced level of security in their Windows 2000-based workstations. 

 

“This is an example of a public-private partnership that can help government agencies and corporations better secure their systems against cyber attack,” said Richard Clarke, Special Advisor to the President on Cyberspace Security.

 

“As the President has said, we are facing threats from an invisible enemy that will use every means to attack our technological infrastructure,” said GSA Administrator Stephen A. Perry. “We at GSA have been working to do our part to prevent any disruption to government information systems. This partnership is one of the many positive efforts between business and government to help better the security on cyber-based systems.”

 

Many security breaches are caused by software that runs workstations, servers, routers, firewalls, switches, and other network devices that have not been properly configured with the appropriate security settings. 

 

Until today, there was no broad user consensus for communicating desired security settings to vendors.  Now, this consensus baseline enables users to order, and Original Equipment Manufacturers (OEMs) to begin shipping, Windows 2000 Professional systems with an enhanced level of security in place before they arrive at the customer’s loading dock. 

 

“Computer security is absolutely necessary as we move forward in the technological age and work to protect our nation from both internal and external threats,” said Scott Charney, chief security strategist at Microsoft Corp.  “We are proud to work with partners in government and industry to produce a safer cyber-environment, and we look forward to additional projects like this in the future.”

 

In response to the new baseline security settings, CIS (at cisecurity.org) is making available free of charge both a Windows 2000 Professional Baseline Benchmark and a Scoring Tool which enables users to ensure compliance with the consensus settings.  In addition, the SANS Institute will have a training course available within 30 days for organizations and individuals that want to learn how to implement the new benchmarks and use related security tools.

 

Clint Kreitner, President and CEO of CIS, said, “In today’s heightened threat environment, everyone benefits when government and the private sector work together to devise ways to better secure their systems and help others to do likewise.”

 

About NIST

The National Institute of Standards and Technology is a non-regulatory agency of the U.S. Department of Commerce's Technology Administration.  NIST develops and promotes measurement, standards, and technology to enhance productivity, facilitate trade and improve the quality of life.  For general information about NIST, log on to www.nist.gov.  For information on NIST computer security research, tools, services, and guidance publications, including Windows 2000, log on to http://csrc.nist.gov.

 

About DISA

The Defense Information Systems Agency (DISA) is a Department of Defense (DOD) leader in network management and security and is responsible for security of the worldwide Defense Information System Network (DISN).  DISA has developed and maintains 25 Security Technical Information Guides that detail "best practices" for securing various network devices and computer operating systems.  For more information log on to www.disa.mil.

 

About NSA

The National Security Agency (NSA) has dual missions: to provide foreign signal intelligence and to protect vital U.S. information systems.  These missions require that NSA remain at the cutting edge of technology. To meet this challenge, NSA employs highly talented mathematicians, computer scientists, engineers, linguists, signals analysts, and intelligence analysts, and aggressively partners with high-tech industry leaders, to include local businesses.  For more information log on to www.nsa.gov.

 

About GSA

The General Services Administration (GSA) is a centralized federal procurement and property management agency created by Congress to improve government efficiency and help federal agencies better serve the public. The Federal Computer Incident Response Center (FedCIRC) is a collaborative partnership of computer incident response, security and law enforcement professionals working together to handle computer security incidents and to provide both proactive and reactive security services for the federal government.  For more information, log on to www.gsa.gov.

 

About The SANS Institute

The SANS (System Administration, Networking, and Security) Institute is a cooperative research and education organization through which more than 156,000 security professionals, auditors, system administrators, and network administrators invest thousands of hours each year in research and teaching to alert the entire SANS community of security threats, news updates, special research projects and publications, in-depth educational opportunities and certification programs.  More than 30,000 system and security professionals have attended SANS immersion training in advanced network security topics.  For more information log on to www.sans.org.

 

About CIS

The Center for Internet Security (CIS) helps organizations around the world effectively manage the risks related to information security. CIS provides methods and tools to improve, measure, monitor, and compare the security status of Internet-connected systems and appliances.  For more information log on to www.cisecurity.org.

 

# # #