Security benchmark tools available
- By Diane Frank
- Oct 03, 2002
Federal CIS download site
All federal agencies can now freely distribute and use the security configuration
tools developed by the independent Center for Internet Security (CIS) and
endorsed by federal security experts.
The General Services Administration's Federal Computer Incident Response
Center this week announced an agreement signed with CIS for the redistribution
licenses, paid for by FedCIRC, the National Security Agency, the Defense
Department and other federal organizations.
The downloads are available through a site set up specifically for federal
users at www.cisecurity.org/federalcisusers.
The tools offer a high-level security benchmark for commonly used operating
systems, applications and appliances, and organizations can use the tools
to check configurations. The tools are developed in collaboration with all
of the center's members including experts from government, industry and
academia but the center does not allow the companies that make the products
to be members, said Franklin Reeder, chairman of the center.
In July, the center and several federal agencies announced the release
of the latest tool, a benchmark for Microsoft Corp.'s Windows 2000 operating
system. Tools are also available for other operating systems including
Windows NT, Sun Microsystems Inc.'s Solaris and Linux and for Cisco Systems
Inc.'s IOS routers.
The tools are available for free on the center's site, but unless an
agency has signed up as a member, the tools cannot be redistributed throughout
the organization for use on multiple systems. The FedCIRC agreement does
not provide full membership privileges, but it does allow agency systems
administrators to distribute the tools internally, according to a center
official.
Membership also allows agencies to participate in the development of
new tools and the updates to existing tools, as well as open access to discussions
among members.
Several agencies are already full members, including the Justice Department
and the Naval Surface Warfare Center.