Public-private team agrees on Windows security benchmark

Public-private team agrees on Windows security benchmark

A consortium of security experts from government and the private sector today released a set of baseline settings for Windows 2000 Professional workstations.

The configuration, announced at a press conference in Washington, establishes a minimal security benchmark for the operating system that should not interfere with operating commonly used services and applications, said Clint Kreitner, president of the Center for Internet Security. It will not result in a fully secured, locked down system, he said.

CIS hosts the benchmarks and a tool for measuring compliance on its Web site at

Benchmark security settings already have been produced for Windows and other products by a number of organizations. What distinguishes this set is the breadth of the consensus it represents. It is the product of cooperation by dozens of agencies and private organizations, including the Defense Information Systems Agency, the General Services Administration, Microsoft Corp., the National Institute of Standards and Technology, the National Security Agency and SANS Institute.

Work on the baseline settings began in April.

'This is something a year ago I would not have believed possible,' Air Force CIO John Gilligan said. 'It is a post-Sept. 11 phenomenon.'

Gilligan said the consortium intended that the benchmarks, and subsequent products, would become congressionally mandated standards for government systems.

Presidential adviser Richard Clarke, who heads the president's Critical Infrastructure Protection Board, said the benchmarks represent a model for how security standards should be developed. He said that under the proposed Homeland Security Department, the standards-setting process would not be turned over to law enforcement, or to the defense and intelligence communities.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • security in the cloud (ShutterStock image)

    Cloud security is the agency’s responsibility

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group