Windows 2000 security draft released
- By Diane Frank
- Jan 29, 2002
NIST Windows 2000 guidance
The National Institute of Standards and Technology's security center on Jan. 28 released its draft guide for system administrators to secure Microsoft Corp.'s Windows 2000 Professional and many of the common applications that run on the operating system.
The NIST Computer Security Resource Center's package, "System Administration Guidance for Windows 2000 Professional," is intended to describe a recommended process for securing Windows 2000 systems and networks.
It includes configuration guides, checklists and templates for applications such as Web browsers, antivirus software and e-mail clients.
The guidance is not intended to provide the final word on Windows security for agency systems administrators, and the center makes it very clear on its Web site and in the guide that agencies should not implement any of the recommended settings without first testing them within the agency's network.
"This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore, this guide does not address site-specific configuration issues. Care must be taken when implementing this guide to address local operational and policy concerns," the security center's site states.
The center developed the guidance in collaboration with the National Security Agency, which has released several configuration guides for commercial products, including Windows NT and 2000.
NIST serves as the primary technical security resources for civilian agencies under the Computer Security Act of 1987.