Public-private team agrees on Windows security benchmark

A consortium of security experts from government and the private sector today released a set of baseline settings for Windows 2000 Professional workstations.

The configuration, announced at a press conference in Washington, establishes a minimal security benchmark for the operating system that should not interfere with operating commonly used services and applications, said Clint Kreitner, president of the Center for Internet Security. It will not result in a fully secured, locked-down system, he said.

CIS hosts the benchmarks and a tool for measuring compliance on its Web site at

Benchmark security settings already have been produced for Windows and other products by a number of organizations. What distinguishes this set is the breadth of the consensus it represents. It is the product of cooperation by dozens of agencies and private organizations, including the Defense Information Systems Agency, the General Services Administration, Microsoft Corp., the National Institute of Standards and Technology, the National Security Agency and SANS Institute.

Work on the baseline settings began in April.

'This is something a year ago I would not have believed possible,' Air Force CIO John Gilligan said. 'It is a post-Sept. 11 phenomenon.'

Gilligan said the consortium intended that the benchmarks, and subsequent products, would become congressionally mandated standards for government systems.

Presidential adviser Richard Clarke, who heads the president's Critical Infrastructure Protection Board, said the benchmarks represent a model for how security standards should be developed. He said that under the proposed Homeland Security Department, the standards-setting process would not be turned over to law enforcement, or to the defense and intelligence communities.

About the Author

William Jackson is a Maryland-based freelance writer.
