[ISN] NIST aims to ease XP security setup

From: InfoSec News (isn@private)
Date: Wed Jun 30 2004 - 07:24:02 PDT

    By Florence Olsen
    June 29, 2004

    Officials at the National Institute of Standards and Technology hope
    their new publication will help simplify the process of setting
    security controls on Microsoft Corp.'s Windows XP Professional
    operating system.

    NIST officials, who released the draft of Special Publication 800-68
    this week, said the recommendations and security configuration
    checklists will help federal agencies fulfill their responsibilities
    for computer and information security under the Federal Information
    Security Management Act of 2002.

    The document's authors acknowledge the difficulty of setting
    reasonable security controls on an operating system as complex as
    Windows XP Pro. A publication that guides systems administrators and
    technical users through the process should help other federal agencies
    avoid time-consuming and costly mistakes, NIST officials said.

    They worked with the Defense Information Systems Agency, the National
    Security Agency, Microsoft and the nonprofit Center for Internet
    Security to reach a consensus on security settings for Windows XP and
    for productivity applications, e-mail, Web browsers, personal
    firewalls and antivirus programs that run on XP.

    Next month, NIST officials will release a separate publication on the
    agency's new Security Configuration Checklists Program. Under that
    program, NIST will operate a Web portal that enables users to search
    for software products by name, product type and security level.
    Federal officials will be able to make purchasing decisions, for
    example, based on whether a security configuration checklist exists
    for a particular product.

    Software makers, businesses and government agencies are beginning to
    reach consensus on security controls that can be tolerated without
    breaking the programs that run on computers, said Clint Kreitner,
    president and chief executive officer of the Center for Internet
    Security. The center develops security configurations through a
    process based on consensus and testing.

    On the basis of those consensus configurations, Kreitner said,
    companies such as Dell Inc. have begun shipping computers with a
    secure configuration of Windows 2000. In a few months, Dell will sell
    computers with a similar security configuration for Windows XP.

    Microsoft also has shipped its Windows Server 2003 software with
    recommended security settings in place, Kreitner said. And the company
    is working with the configuration standards group to do the same with
    Exchange 2003, Microsoft's suite of collaboration software.