Government and Industry Agree on Recommended Baseline Security Settings for Windows 2000 Professional Workstations
GSA # 9964
July 17, 2002
Contact: Mary Alice Johnson, (202) 501-1231
WASHINGTON, DC - July 17, 2002 - Security experts from a broad range of public and private organizations have jointly published consensus Baseline Security Settings recommended for Windows 2000 Professional Workstations.
The collaborative effort involved Windows security experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Defense Information Systems Agency (DISA), National Security Agency (NSA), SANS (Systems Administrator Institute, and members of The Center for Internet Security (CIS). Implementation of these settings will result in a significant improvement in security status of Windows 2000 workstations.
"This is an example of a public-private partnership that can help government agencies and corporations better secure their systems against cyber attack," said Richard Clarke, Special Advisor to the President on Cyberspace Security.
"As the President has said, we are facing threats from an invisible enemy that will use every means to attack our technological infrastructure," said GSA Administrator Stephen A. Perry. "We at GSA have been working to do our part to prevent any disruption to government information systems." This partnership is one of the many positive efforts between business and government to help better the security on cyber-based systems.
Many security breaches are caused by software that runs workstations, servers, routers, firewalls, switches, and other network devices that have not been properly configured with the appropriate security settings.
Until today, there was no broad user consensus for communicating desired security settings to vendors. Now, this consensus baseline enables users to order, and vendors to begin shipping, Windows 2000 Professional systems with a basic level of security in place before they arrive at the customer's loading dock.
In response to the new baseline security settings, CIS (at cisecurity.org) is making available free of charge both a Windows 2000 Professional Baseline Benchmark and a Scoring Tool, which enables users to ensure compliance with the consensus settings. In addition, the SANS Institute will have a training course available within 30 days for organizations and individuals that want to learn how to implement the new benchmarks and use related security tools.
GSA is a centralized federal procurement and property management agency created by Congress to improve government efficiency and help federal agencies better serve the public. It acquires, on behalf of federal agencies, office space, equipment, telecommunications, information technology, supplies, and services. GSA, comprised of 14,000 associates, provides services and solutions for the office operations of over 1 million federal workers located in 8,300 government-owned and leased buildings in 1,600 U.S. communities.