Director of Communications
Center for Internet Security
Center for Internet Security Issues Resources to Further Secure Windows 8, Windows Server 2012 and Internet Explorer 10
New Consensus-Based, Free Security Configuration Guidance Helps Organizations Enhance the Security of their Microsoft Enterprise Deployments
The Center for Internet Security (CIS), a 501(c)(3) nonprofit, today announced its collaboration with Microsoft Corp. in developing a set of security resources that provide organizations using Microsoft Windows 8, Windows Server 2012 and Internet Explorer 10 with comprehensive guidance to help enhance the configuration security of those deployments. CIS and Microsoft worked with other security experts in government and industry to create these consensus-based, best practice tools, which are available for free through Microsoft's Security Configuration Manager (SCM) and CIS's secure configuration Benchmarks.
The Microsoft SCM enables rapid configuration and management of computers, traditional datacenter architectures and private cloud environments using Group Policy and Microsoft System Center Configuration Manager.
CIS has issued secure configuration Benchmarks for Windows 8, Windows Server 2012 and Internet Explorer 10. These benchmarks provide users guidance on the security-focused configuration controls that should be applied for each of the Microsoft technologies, specific procedures on how to implement those recommendations, and audit procedures to then verify that those controls were correctly implemented.
Consumers of Microsoft products can now confidently adopt a secure configuration posture that incorporates the collective expertise of industry experts and both CIS and Microsoft.
"Working closely with our technical communities, CIS members and other partners to produce secure configuration best practices is one of CIS's primary objectives," said Blake Frantz, CIS Director of Benchmark Development. "We're excited to jointly pursue that objective with Microsoft and provide our mutual communities consistent best practices for securing the products they depend on."
"We're pleased to announce a security configuration baseline built with consensus from Microsoft, government agencies around the world and the Center for Internet Security," said Chase Carpenter, Product Unit Manager, Microsoft Solution Accelerators for Security and Compliance. "This effort marks the unification of several industry standards to help simplify deployments and increase supportability of Microsoft technologies."
More information on security baselines can be found using Microsoft Security Compliance Manager and is available at http://www.microsoft.com/scm
More information on CIS secure configuration benchmarks is available at http://benchmarks.cisecurity.org
About the Center for Internet Security
The Center for Internet Security (CIS) is a not-for-profit organization whose mission is to enhance the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS comprises three divisions: the Multi-State Information Sharing and Analysis Center, which serves as a key cyber security resource for the nation’s state, local, territorial, and tribal (SLTT) governments; the Security Benchmarks Division, which provides consensus best practice standards for security configurations; and the Trusted Purchasing Alliance, which serves SLTT governments and not-for-profits in achieving a greater cyber security posture through trusted expert guidance and cost-effective procurement.