IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New Benchmark

CIS releases new security benchmark for Windows 2000.

The Center For Internet Security (CIS) has released a new security configuration benchmark for Windows 2000 Server, and updates to the benchmarks for Solaris and Cisco IOS routers. The benchmarks and associated scoring tools are now available for download free of charge from the CIS web site (www.cisecurity.org).

The benchmarks have been developed through the CIS consensus process, involving many commercial, academic and government organizations that are CIS members.

The update to the Solaris benchmark and scoring tool allows more secure configuration with less effort, and includes recommendations to secure Solaris v9.0. The benchmark for Cisco IOS routers have been revised, reorganized, and includes a new audit checklist. The updated RAT scoring tool v2.0 features a single click installer for windows and improved recommendations for localization and customization. Readme files in the download packages more fully enumerate the changes to the updated versions of the benchmarks and tools.

CIS designates the Windows 2000 server recommendations as a level-2 benchmark. The level-2 designation indicates consensus preferred-practice security. However, based on the role and function of the server, some of the recommended level-2 settings and actions will affect the performance of the operating system and applications that run on it. CIS recommends that level-2 benchmark configurations be implemented by experienced security specialists or system administrators who can make informed decisions to optimize system security and performance.

The Solaris configuration is a level-1 benchmark. CIS level-1 recommendations secure systems to the minimum level of prudent due care, as defined through the consensus process, and are highly unlikely to affect the performance of the operating system or applications running on it.

The Cisco IOS benchmark is comprised primarily of level-1 configuration recommendations that are unlikely to cause an interruption of service to the operating system or inhibit desirable traffic. The benchmark also contains level-2 security recommendations to which the aforementioned level-2 cautions apply.