Press Release

Center for Internet Security Issues Resources to Further Secure Windows 8, Windows Server 2012 and Internet Explorer 10

New Consensus-Based, Free Security Configuration Guidance Helps Organizations Enhance the Security of their Microsoft Enterprise Deployments

East Greenbush, NY

The Center for Internet Security (CIS), a 501(c)(3) nonprofit, today announced its collaboration with Microsoft Corp. in developing a set of security resources that provide organizations using Microsoft Windows 8, Windows Server 2012 and Internet Explorer 10 with comprehensive guidance to help enhance the configuration security of those deployments. CIS and Microsoft worked with other security experts in government and industry to create these consensus-based, best practice tools, which are available for free through Microsoft's Security Configuration Manager (SCM) and CIS's secure configuration Benchmarks.

The Microsoft SCM enables rapid configuration and management of computers, traditional data center architectures and private cloud environments using Group Policy and Microsoft System Center Configuration Manager.

CIS has issued secure configuration Benchmarks for Windows 8, Windows Server 2012 and Internet Explorer 10. These benchmarks provide users guidance on the security-focused configuration controls that should be applied for each of the Microsoft technologies, specific procedures on how to implement those recommendations, and audit procedures to then verify that those controls were correctly implemented.

Consumers of Microsoft products can now confidently adopt a secure configuration posture that incorporates the collective expertise of industry experts and both CIS and Microsoft.

"Working closely with our technical communities, CIS members and other partners to produce secure configuration best practices is one of CIS's primary objectives," said Blake Frantz, CIS Director of Benchmark Development. "We're excited to jointly pursue that objective with Microsoft and provide our mutual communities consistent best practices for securing the products they depend on."

"We're pleased to announce a security configuration baseline built with consensus from Microsoft, government agencies around the world and the Center for Internet Security," said Chase Carpenter, Product Unit Manager, Microsoft Solution Accelerators for Security and Compliance. "This effort marks the unification of several industry standards to help simplify deployments and increase supportability of Microsoft technologies."

More information on security baselines can be found using Microsoft Security Compliance Manager and is available at

More information on CIS secure configuration benchmarks is available at