Blake Frantz Director of Benchmark Development Center for Internet Security

The Center for Internet Security (CIS), has announced its collaboration with Microsoft Corp. in developing a set of security resources that provide organizations using Microsoft Windows 8, Windows Server 2012 and Internet Explorer 10 with comprehensive guidance to help enhance the configuration security of those deployments.  

CIS and Microsoft worked with other security experts in government and industry to create these consensus-based, best practice tools, which are available for free through Microsoft’s Security Configuration Manager (SCM) and CIS’s secure configuration benchmarks. 

The Microsoft SCM enables rapid configuration and management of computers, traditional datacenter architectures and private cloud environments using Group Policy and Microsoft System Center Configuration Manager.

CIS has issued secure configuration benchmarks for Windows 8, Windows Server 2012 and Internet Explorer 10. These benchmarks provide users guidance on the security-focused configuration controls that should be applied for each of the Microsoft technologies, specific procedures on how to implement those recommendations, and audit procedures to then verify that those controls were correctly implemented.

Consumers of Microsoft products can now confidently adopt a secure configuration posture that incorporates the collective expertise of industry experts and both CIS and Microsoft.

“Working closely with our technical communities, CIS members and other partners to produce secure configuration best practices is one of CIS's primary objectives,” said Blake Frantz, CIS Director of Benchmark Development. “We're excited to jointly pursue that objective with Microsoft and provide our mutual communities consistent best practices for securing the products they depend on.”

“We’re pleased to announce a security configuration baseline built with consensus from Microsoft, government agencies around the world and the Center for Internet Security,” said Chase Carpenter, Product Unit Manager, Microsoft Solution Accelerators for Security and Compliance. “This effort marks the unification of several industry standards to help simplify deployments and increase supportability of Microsoft technologies.”

The Center for Internet Security (CIS) is a 501(c)(3) not-for-profit organization focused on enhancing the cyber security readiness and response of public and private sector entities. Through its three divisions—Security Benchmarks, Multi-State ISAC and Trusted Purchasing Alliance—CIS serves as a central resource in the development and delivery of high-quality, timely products and services to assist our partners in government, academia, the private sector and the general public in improving their cyber security posture.