Center releases first OS security benchmarks

By William Jackson

GCN Staff

JULY 18—The Center for Internet Security has released the first operating system security benchmarks, setting minimum configuration requirements for Solaris from Sun Microsystems Inc.

Fred Kerby, information systems security manager at the Naval Surface Warfare Center's Dahlgren Division in Maryland, called the benchmarks a 'step in the right direction' toward securing software that comes with unnecessary services activated. As shipped by vendors, 'most of the products are wide open,' Kerby said. 'There isn't any security built into it, and there isn't any access control on it.'

Software can be reconfigured, but many users are not aware of the vulnerabilities or which services to disable. Version 1.01 of the Sun Solaris security benchmarks defines detailed configuration settings for basic security. A scoring tool installed with the benchmark examines the operating system, reports current settings and gives instructions for closing vulnerabilities.

The settings provide what the organization calls a 'minimum, prudent level of security.'

The benchmark and tools can be downloaded free from the CIS Web site. Benchmarks for other popular operating systems, including Microsoft Windows NT and Windows 2000, Linux, HP-UX and AIX, will be available in the coming months, said CIS president Clint Kreitner. More sophisticated benchmarks for specific network architectures also will be developed.

Although software vendors have worked with CIS in developing benchmarks, Kreitner said, they have not committed to using benchmark settings as default configurations. 'That will be the result when the users begin to push back and ask them,' he said.

