CIS Benchmarks and Scoring Tools for Windows XP Professional, Windows Server 2003, Windows 2000 and Windows NT
November 2007: The following Windows Benchmarks and Scoring Tool are now available!
The Download Files Include:
Windows Benchmarks:
- Windows XP Benchmark (v2.01) - consensus settings for Legacy, Enterprise, and Specialized security levels for Windows XP Professional SP1/SP2.
- Windows Server 2003 Domain Controllers (v2.0) - consensus settings for Legacy, Enterprise, and Specialized security levels for Windows Server 2003 Domain Controllers.
- Windows Server 2003 Member Servers (v2.0) - consensus settings for Legacy, Enterprise, and Specialized security levels for Windows Server 2003 Member Servers.
- Level-1 Benchmark for Windows 2000 (v1.2.2) - consensus minimum due care security configuration recommendations for Windows 2000 servers and workstations.
- Level-2 Windows 2000 Professional Operating System Benchmark (v2.2.1) - security configuration recommendations beyond the minimum due care level for Windows 2000 workstations.
- Level-2 Windows 2000 Server Operating System Benchmark (v2.2.1) - security configuration recommendations beyond the minimum due care level for Windows 2000 Servers.
- Level-1 Benchmark for Windows NT (v1.0.5) - consensus minimum due care security configuration recommendations for WinNT servers and workstations.
Windows Scoring Tool:
- Next Generation (NG) Scoring Tool v1.0 for Windows XP SP1/SP2, Windows Server 2003, and Windows 2000 Pro/Server systems.
The CIS tool now supports all the latest versions of the Windows family of benchmarks.
The tool requires Java to run. Two downloads are available:
- ng_scoring_tool-gui-1.0-win32.exe: This version includes its own Java Virtual Machine (JVM). Users who do not have Java already installed on their systems should use this version. It is completely self-contained and WILL NOT install Java on your system.
- ng_scoring_tool-gui-1.0-win32-nojvmbundle.exe: This version does not include a JVM and is for users who already have Java installed on their systems.
With the exception of the JVM, both tool downloads are exactly the same.
Known issues with version 1.0 of the NG Scoring Tool:
There are a small number of specific settings in the Windows operating systems that version 1.0 of the NG Scoring Tool cannot access automatically. As a result, these settings are presented as questions when the tool is run. Manually answering these questions is required for the tool to produce an accurate score and a clear picture of the system's configuration state.
Please see the README file in the tool package for the exact list of settings that fall into this category. CIS will continue development of the NG Scoring Tool in order to reduce this list to the smallest number possible.
CIS Members -- a command line version of the NG Scoring Tool is available for download from the Members web site.
What are the Benchmarks and the Scoring Tool?
The Benchmarks are compilations of configuration actions and settings recommended to improve the security of Windows 2000, 2003, NT and XP operating systems.
The Windows XP Professional and Windows Server 2003 Benchmarks: These benchmarks define multiple "levels" within one document. The levels are:
- Legacy: Settings in this level are designed for XP Professional/2003 Server systems that need to operate with older systems such as Windows NT, or in environments where older third party applications are required. The settings will not affect the function or performance of the operating system or of applications that are running on the system.
- Enterprise Standalone: Settings in this level are designed for XP Professional/Server 2003 systems operating in a managed environment where interoperability with legacy systems is not required. It assumes that all operating systems within the enterprise are Windows 2000 or later, therefore able to use all possible security features available within those systems. In such environments, these Enterprise-level settings are not likely to affect the function or performance of the OS. However, one should carefully consider the possible impact to software applications when applying these recommended XP Professional technical controls.
- Enterprise Mobile: These settings are nearly identical to the Enterprise Standalone settings, but with modifications appropriate for mobile users whose systems must operate both on and away from the corporate network. In environments where all systems are Windows 2000 or later, these Enterprise-level settings are not likely to affect the function or performance of the OS. However, one should carefully consider the possible impact to software applications when applying these recommended XP Professional technical controls.
- Specialized Security - Limited functionality: Settings in this level are designed for XP Professional/2003 Server systems in which security and integrity are the highest priorities, even at the expense of functionality, performance, and interoperability. Therefore, each setting should be considered carefully and only applied by an experienced administrator who has a thorough understanding of the potential impact of each setting or action in a particular environment.
The Level-1 Windows Benchmarks for NT and 2000 settings/actions: (the minimum level of due care)
- Can be understood and performed by system administrators with any level of security knowledge and experience, and applied to server or workstation operating systems.
- Are unlikely to cause an interruption of service to the operating system or the applications that run on it.
- Can be automatically monitored either by CIS Scoring Tools or by CIS-certified tools available from software vendors. Click Here for a roster of commercially available CIS-certified software tools.
The Level-2 Windows 2000 Professional and Server benchmarks: (prudent security beyond the minimum level)
- Should be applied only to Windows 2000 workstation and server operating systems.
- Contain some security configuration recommendations that affect operating system function, and are therefore of greatest value to system administrators who have sufficient security knowledge to apply them with consideration to OS functions and software applications running in their particular environments.
The CIS NG Scoring Tool provides a quick and easy way to evaluate your host systems and compare their level of security against the Benchmarks. Tool reports guide system administrators to harden both new installations and active production systems. The tool is also effective for monitoring systems to assure that security settings continuously conform with the Benchmark.
Share Your Feedback
We value your feedback, which may be used to update and further define the various Windows-related Benchmarks security configurations.
Please direct your feedback to:
The CIS Feedback Email Address
Please direct other feedback to:
Bert Miuccio, Vice President
For more information about the CIS consensus process and the benchmarks, go to What are the Benchmarks? and FAQ - The Benchmarks.
Updates to the Benchmarks
The CIS Windows Benchmarks and Scoring Tools are updated periodically. Continuous feedback from CIS Members and other users assures that the consensus standard of minimum due care is always reflected in the recommended settings.
Revision histories can be found in the benchmark documents.
One of the benefits of CIS Membership is electronic notification when updates become available. Click Here for more information about membership.
If your organization is not a member of the Center, visit this website periodically to assure that you are using the latest version of the Windows Benchmarks.