Public-private team agrees on basic Win 2000 security settings
- By William Jackson
- Jul 19, 2002
'This is something a year ago I would not have believed possible.'
'Air Force CIO John Gilligan
A team of security experts from government and industry last week announced a consensus on baseline security settings for computers running Microsoft Windows 2000 Professional.
The settings for the operating system, which is widely used in government, do not interfere with commonly used services and applications, said Clint Kreitner, president of the Center for Internet Security of Bethesda, Md. But neither do they fully lock down a Win 2000 system, Kreitner added.
The baseline settings and a tool for measuring compliance are downloadable from the center's site, at www.cisecurity.org
Other organizations such as the General Services Administration, the National Security Agency and the National Institute of Standards and Technology have security benchmarks for Windows and other software products. What distinguishes this set is the breadth of consensus behind it.
Dozens of other government and private organizations including the Defense Information Systems Agency, Microsoft Corp. and the SANS Institute began collaborating on the Win 2000 settings in April.Mandatory standards
'This is something a year ago I would not have believed possible,' Air Force CIO John Gilligan said. 'It is a post-Sept. 11 phenomenon.'
Gilligan said the consortium wants this benchmark'and subsequent ones'eventually to become congressionally mandated standards for government systems.
Presidential adviser Richard Clarke, who heads the President's Critical Infrastructure Protection Board, said the benchmarks represent a model for how security standards should be developed. He said the proposed Homeland Security Department would not leave the standard-setting process to the law enforcement, Defense or intelligence communities.
William Jackson is freelance writer and the author of the CyberEye blog.