"This is the single most important development in security this year," said Alan Paller, research director for the System Administration, Networking and Security (SANS) Institute, a founding partner in the CIS. "I think a lot of people will expect (contractors) to step up to the plate and provide computers that meet the benchmark."
The security benchmarks act as a good housekeeping seal of approval, testing whether a computer meets its patch and configuration requirements. The Level 1 series for Windows 2000 workstations has more than 500 tests that aim to ensure a minimum level of security.
As reported earlier, the CIS has focused on producing benchmarks for several operating systems. The center has benchmarks for Cisco IOS operating system for routers, Windows 2000 and NY, Sun Microsystems' Solaris, Linux and HP-UX, but the government has still not settled on whether the center's specs meet their requirements.
The link for this article located at ZDNet is no longer available.