Thread: CIS UPDATE - MARCH 27, 2007 - 2008 CIS BENCHMARK ROADMAP




user name
2008-03-29 13:48:43

The Center for Internet Security (CIS)
___________________________________________________

1. Provided below is a copy of a recent CIS announcement.

2. CIS is one of the most significant security initiatives over the past eight years and truly a major success story in "impacting" information security practices.

3. Check them out at - http://www.cisecurity.org/

HAGW.

Dan
___________

CIS MEMBER UPDATE
March 27, 2008
Vol. 5, No. 2

CONTENTS

I. 2008 CIS BENCHMARK ROADMAP

II. XML BENCHMARK EDITING GUIDE RELEASED

III. CIS-CAT BUG FIX UPDATE

IV. CIS METRICS INITIATIVE

---------------------------------
**2008 CIS BENCHMARK ROADMAP**
CIS is committed to: (1) creating new consensus Benchmarks, (2) maintaining the Benchmarks now distributed from the CIS website, and (3) promoting uniformity among the CIS Benchmarks.

Below is the 2008 CIS Benchmark Development Roadmap (including the technical team leader where known):

A. New Benchmarks currently in development:

1. Apache Tomcat – Adam Ely
2. Citrix Xen Server – Adam Cecchetti
3. Office 2003/2007 – Stephanie Smith

B. Benchmark Updates currently in progress:

1. SuSE Linux – Nancy Whitney
2. Mac OS X Leopard – Allan Marcus
3. VMware ESX Server – Iben Rodriguez
4. Oracle 11g – Adam Cecchetti

C. Other New Benchmarks and Benchmark Updates planned for 2008:

1. Web Browser – New
2. PostgreSQL – New
3. MS SharePoint – New
4. Office XP/2007 – New
5. Juniper JunOS – New
6. Citrix – New
7. Palm/Windows Mobile Handhelds – New
8. VoIP – New
9. Banner – New
10. Print Devices – New
11. Sybase – New
12. OS400 – New
13. Slackware – Update
14. AIX – Update
15. BIND – Update

D. Benchmark Formatting – As one step towards promoting uniformity among the CIS Benchmarks: (1) All new CIS Benchmarks will conform to a single new template set forth in the CIS Benchmark Format Guide v1.0 and (2) CIS is working to convert all currently non-conforming CIS Benchmarks to the CIS Benchmark Format Guide.

**XML BENCHMARK EDITING GUIDE RELEASED**
CIS has released a new editing guide that will provide members with information on configuring custom policy entries in the benchmark XML files. The guide, named the “CIS XML Site Adaptation Guide”, is available from the Downloads section of the Members’ Web site. We welcome feedback on the guide, and hope to expand and enhance it in the future.

**CIS-CAT BUG FIX UPDATE**
CIS is actively working on the CIS-CAT bug list. The updated version includes an “Unsupported Operation” error that was caused by Java code issues and an error in the XML for the CIS Benchmarks for Windows XP Benchmark. Both issues have been resolved and the following has been recently posted to the CIS Members’ site: (1) an updated CIS-CAT audit tool, and (2) a corrected Windows XP Benchmark in XML (XCCDF).

**CIS METRICS INITIATIVE**

As announced in yesterday’s CIS Member Update, in addition to continuing its long-standing commitment to creating new and updated configuration benchmarks, CIS is spearheading a new effort to define a consensus-based set of metrics that will help CIS Members ensure that time spent on measurement is time well spent. The consensus method has been a great success in defining configuration benchmarks and we anticipate it will be equally successful in getting the industry aligned around an evolving set of security metrics.

Specifically, CIS plans to focus on practical metrics of interest to security professionals; metrics that will both: (1) measure the effectiveness of the security practices you and others have adopted, and (2) communicate the value of these practices in terms that business people can understand.

CIS is partnering with Mike Rothman, the head of research firm Security Incite, to drive this effort.

Mike will be launching a new wiki this week to manage the consensus effort. CIS Members interested in participating should send an email to Mike Rothman at mike.rothman@securityincite.com.

***END***
