Download the newly updated Security Compliance Management Toolkit Series!
We are very pleased to announce the release of new security baselines for Windows® 7 and Windows® Internet Explorer® 8. These new baselines are now included with the Security Compliance Management Toolkit Series. Over the past few months, we collaborated with Microsoft security experts, multiple government agencies worldwide, and a large community of IT security professionals to develop and test these new security baselines. Now that Windows 7 is available, we are excited to share the results of our efforts.
The Security Compliance Management Toolkit Series is an end-to-end solution to help you plan, deploy, and monitor security baselines of Windows® operating systems, Internet Explorer, and 2007 Microsoft® Office applications. The new Windows 7 security baseline also includes recommendations for BitLocker™ Drive Encryption. The series provides you with the following:
-
Prescriptive and tested security guidance from Microsoft.
-
GPOAccelerator – a tool to help you configure and deploy recommended security settings.
-
Configuration packs compatible with the desired configuration management (DCM) feature of Microsoft® System Center Configuration Manager 2007 R2, and reporting functionality to help you verify that your organization's compliance requirements have been met.
Next Steps:
-
-
-
-
Join a related Beta review program. The Solution Accelerators security team is developing a new tool called the Security Compliance Manager to help you better manage the security and compliance process for the most widely used Microsoft technologies. Join the Beta review program and provide your feedback to help the security team build this offering.
To download these extensions, click here.
The System Center Configuration Manager Extensions for SCAP are designed for organizations to use with the desired configuration management (DCM) feature in Microsoft® System Center Configuration Manager 2007 to scan the computers in your environment and then document their level of compliance with the Federal Desktop Core Configuration (FDCC) mandate.
The extensions enable Configuration Manager 2007 to consume Security Content Automation Protocol (SCAP) data streams, assess systems for compliance, and generate report results in SCAP format by taking advantage of the compliance checking capabilities inherent in the DCM feature. Now your organization can use its existing Configuration Manager 2007 infrastructure to ensure that the computers you manage meet this federal compliance requirement and generate the requisite FDCC reports for the National Institute of Standards and Technology (NIST) and the U.S. Office of Management and Budget (OMB).
If your organization is affected by the FDCC mandate, these extensions should be very valuable to you.
Note: This solution has now been formally validated by NIST and is recognized as a SCAP validated tool with FDCC scanning capability.
Next steps
· Get all the details about theses by visiting the extensions by visiting System Center Configuration Manager Extensions for SCAP on Microsoft TechNet.
· Download the System Center Configuration Manager Extensions for SCAP from the Microsoft Download Center.
Join now, download the security baselines, and provide your feedback.
We are pleased to announce this Security Baselines Beta release. The best-practice guidance and security settings provided by the new Security Baselines Beta will help you plan and deploy your security baselines with ease and confidence. These baselines provide you with prescribed settings documentation and Group Policy objects for Windows® 7, BitLocker™ Drive Encryption, and Windows Internet Explorer® 8. The preconfigured settings are designed for both Enterprise Client and Specialized Security – Limited Functionality environments. Ultimately, these baselines allow you to leverage the experience of Microsoft security professionals and reduce the time required to harden Windows 7, BitLocker, and Internet Explorer 8 for your environment.
Tell us what you think! Test drive our Beta release, and send us your constructive feedback. What are your thoughts on the recommended settings in these new security baselines? Do you see any ways the content could be improved or made more useful? We value your input; this is the perfect opportunity to be heard. The Beta review program runs until August 17.
Next Steps:
Join the Security Baselines Beta today.
Bookmark this link to get the latest project details.
Download the Security Baselines.
Provide us with your feedback.
We will be releasing the System Center Configuration Manager Extensions for SCAP later this week. These extensions are the next version of earlier released “SCAP conversion tool for DCM”. This new release expands functionality to both convert SCAP content for use by DCM and DCM reports into SCAP reporting format.
If your organization works closely with U.S. government agencies, the ability to demonstrate compliance with the Federal Desktop Core Configuration (FDCC) mandate using Security Content Automation Protocol (SCAP) standards may be very important to you. The Federal Desktop Core Configuration (FDCC) mandate requires federal agencies and organizations that provide information services to those agencies to configure their computers that run Windows Vista® or Windows® XP with a specific list of settings published by the National Institute of Standards and Technology (NIST). The FDCC mandate also requires organizations to document their compliance by scanning the computers they manage using SCAP content published by NIST and to provide the results in SCAP format.
The System Center Configuration Manager Extensions for SCAP will enable you to use Configuration Manager 2007 to scan the computers you manage for compliance with the FDCC mandate issued by the OMB. The free download includes command-line tools to convert SCAP content into the format used by the Desired Configuration Management (DCM) feature in Configuration Manager 2007, and to convert DCM reports into SCAP format. The extensions enable Configuration Manager to consume SCAP data stream files, assess systems for compliance, and generate report results in SCAP format.
For more information on System Center Configuration Manager Extensions for SCAP bookmark this blog.
The IT Infrastructure Threat Modeling Guide is now available.
Organizations today face an increasing number of threats to their computing environments. You need a proactive approach to assist you in your efforts to protect your organization's assets and sensitive information. This guide provides an easy-to-understand method that enables you to develop threat models for your IT environment and prioritize your investments in IT infrastructure security.
This Solution Accelerator includes a Microsoft Word document that helps IT professionals develop and implement threat models for their IT environments, and a Microsoft PowerPoint® presentation that is designed for use in a learning or lecture environment to present the concept of IT infrastructure threat modeling. These materials are designed to help IT professionals accomplish the following:
· Provide use case scenarios for each component to be threat modeled.
· Identify threats that could affect their organizations’ IT infrastructures.
· Discover and mitigate design and implementation issues that could put IT infrastructures at risk.
· Prioritize budget and planning efforts to address the most significant threats.
· Conduct security efforts for both new and existing IT infrastructure components in a more proactive and cost-effective manner.
Next Steps
Download the IT Infrastructure Threat Modeling Guide.
Protect yourself from the identified threats using other Security and Compliance Solution Accelerators such as the Security Compliance Management Toolkit and the Hyper-V Security Guide
If your organization is affected by the Federal Desktop Core Configuration (FDCC) mandate, and the Security Content Automation Protocol (SCAP), then this new Beta program will be of interest to you. The FDCC mandate from the Office of Management and Budget (OMB) requires federal agencies and organizations to configure their computers running Windows Vista® and Windows® XP according to a specific list of settings published by the National Institute of Standards and Technology (NIST). The FDCC mandate also requires these agencies and organizations to document their compliance by scanning the computers they manage using SCAP content published by NIST, and to provide the compliance results in SCAP format.
The System Center Configuration Manager Extensions for SCAP enable you to use Microsoft® System Center Configuration Manager 2007 to scan computers running these operating systems that you manage for compliance with the FDCC mandate. The System Center Configuration Manager Extensions for SCAP include command-line tools to convert SCAP content into the format used by the Desired Configuration Management (DCM) feature in Configuration Manager 2007, and to convert DCM reports into SCAP format.
· You can participate in the Beta by visiting the Beta Program site on Microsoft Connect (Windows Live™ ID login and registration required). After you sign up, bookmark this link to the project site for access to download the Beta tools and guidance, and receive the latest information about the project.
Note: This solution has not been formally validated by NIST. Although Microsoft will submit it at a future date, at this time NIST has not yet recognized it as a SCAP validated tool with FDCC scanning capability.
The new Hyper-V Security Guide has been released. It provides methods and best practices to strengthen the security of computers running the Hyper-V role on Windows Server® 2008. The guide covers the following three topics:
Hardening Hyper-V
We provide you with prescriptive guidance for hardening the Hyper-V role and discuss several best practices for installing and configuring Hyper-V on a Windows Server 2008 server with a focus on security. Our best practices include measures for reducing the attack surface of a server running Hyper-V and recommendations for properly configuring secure network and storage devices.
Delegating Virtual Machine Management
For this topic we discuss several available methods for delegating virtual machine management so that virtual machine administrators only have the minimum permissions they require. We describe common delegation scenarios, and include detailed steps to guide you through using Authorization Manager (AzMan) and System Center Virtual Machine Manager 2008 (VMM 2008) to separate virtual machine administrators from virtualization host administrators.
Protecting Virtual Machines
Here we provide you with prescriptive guidance for securing virtual machine resources. We discuss best practices and include detailed steps for protecting virtual machines by using a combination of file system permissions, encryption, and auditing. We also include resources for hardening and updating the operating system instances running within your virtual machines.
Next steps
To read more about the guide, click here.
To download the guide, click here.
Additional resources
Read about our other security Solution Accelerators.
Listen to a Podcast on virtualization security best practices.
Launch the Download Now
We have just released the Security Compliance Management Toolkit series to help you secure and monitor Windows® operating systems and 2007 Microsoft® Office.
This series marks the next generation of Microsoft security guides by automating the security baselines for them. This release includes updated security guides, predefined Group Policy, the GPOAccelerator tool, and Configuration Packs to help you plan, deploy, and monitor your Windows and 2007 Office security baselines.
In a nut shell the Security Compliance Management Toolkit series provides you with expanded best practices and automation tools to configure and deploy security settings for the following operating systems and applications:
· Windows Server® 2008
· Windows Server® 2003 Service Pack 2 (SP2)
· Windows Vista® SP1
· Windows® XP Professional SP3
· 2007 Microsoft Office SP1
After deploying the security settings in your environment, monitor the settings by applying one or more of 26 Configuration Packs with the desired configuration management (DCM) feature of Microsoft® System Center Configuration Manager 2007 SP1.
Download Toolkit
· Get all the details about the toolkit series by visiting www.microsoft.com/securitycompliance.
· Download the Security Compliance Management Toolkit series.
Additional Resources
· Preview the toolkit series and learn more about it through virtual labs and how-to videos by visiting www.microsoft.com/ssa
The benefits of virtualization are more evident than ever. Microsoft Hyper-V™ technology allows consolidation of workloads that are currently spread across multiple underutilized servers onto a smaller number of servers. This capability provides you with a way to reduce costs through lower hardware, energy, and management overhead while creating a more dynamic IT infrastructure.
The Hyper-V Security Guide can help you elevate the security of virtualized Windows Server® environments to meet your business-critical needs. This Solution Accelerator provides IT professionals like you with guidance, instructions, and recommendations to address your key security concerns around server virtualization in the following areas:
· Hardening Hyper-V. The guide provides prescriptive guidance for hardening the Hyper-V server role, including several best practices for installing and configuring Hyper-V with a focus on security. These best practices include measures for reducing the attack surface of Hyper-V as well as recommendations for properly configuring secure virtual networks and storage devices on a Hyper-V host server.
· Delegating virtual machine management. The ability to safely and securely delegate administrative access to virtual machine resources within organizations is essential. The guide highlights several available methods to administer different aspects of a virtual machine infrastructure and ways to control administrative access to different servers and at different levels.
· Protecting virtual machines. The guide also provides prescriptive guidance for securing virtual machine resources, including best practices and detailed steps for protecting virtual machines by using a combination of file system permissions, encryption, and auditing.
The Beta release is available now for your review through March 4th, 2009. By participating in this Beta Program, you can provide timely feedback about the guidance to our team to help us ensure that it meets your needs when it is released.
Next steps:
· Download the Beta by visiting the Security Solution Accelerators Connect Site (Windows Live™ ID login and registration required) and joining Project Codename Teton.
· Once you have registered, that link won't work; please bookmark this link to the project site to get the latest project information.
We would like to ask you to take a few minutes of your day and fill out a quick survey. Tell us how we're doing, and what we can do better.
We want to hear what you think about Solution Accelerators—if you’ve used a Solution Accelerator within your organization, help us by completing this short survey.
Our sister team, would like to invite you to a set of live meetings focused on IT compliance such as PCI. If you or your manager struggles with the complexities of compliance take the time to listen in on a Live meeting.
-----
‘Reduce the cost and effort of configuring and validating Microsoft products to address customer IT GRC requirements.’ - Project Tribeca Team
Does your IT team struggle to cope with the ever-changing demands of domestic and international governance, risk, and compliance (GRC) requirements? Microsoft is working to provide product configuration guidance to help IT professionals achieve compliance with hundreds of GRC authority documents, including SOX, PCI, HIPAA, GLBA, and EUDPD.
Join the Microsoft Project Tribeca team in weekly discussions to help shape content, GRC authority document alignment, and technology configuration guidance that directly affects your organization.
Meeting Dates
Attend any single or multiple Connect meetings
- 1/28/09 8 AM PT - What GRC Authority Documents impact your organization?
- 2/04/09 8 AM PT - How does your IT department manage change/configuration for GRC requirements.
Please join us by signing up for the IT governance and Compliance program in Microsoft Connect. Click here to join the program.
After you have joined the program, bookmark the following link to return to the program site and get the latest information about upcoming events:
https://connect.microsoft.com/site/sitehome.aspx?SiteID=657
This Solution Accelerator essentially builds on our previous releases to provide you with expanded best practices and additional automation tools to help you configure and deploy security settings for the following operating systems and applications:
· Windows Vista® Service Pack 1 (SP1),
· Windows XP® Professional SP3,
· Windows Server® 2008,
· Windows Server® 2003 SP2,
· 2007 Microsoft Office SP1.
After deploying the security settings, you can now verify the accuracy of the setting policies and monitor policy changes by applying one or more of 18 Configuration Packs using the desired configuration management (DCM) feature of Microsoft System Center Configuration Manager 2007.
Next steps:
· Download the Beta by visiting the Program Connect Web site (Live ID logging and registration required)
After joining the Beta review program, bookmark this link to the program site to get the latest information about upcoming events.
· The Beta runs through 6th January 2009 and hence be sure to download the beta right now!
By participating in this Beta review program, you can provide timely feedback about the guidance to our team to help us ensure that it meets your needs when released!
I wanted to take an opertunity to introduce the latest Solution Acclerator. If your intrested in Compliance you should take a look at this guidance.
Download it NOW!
Shift efforts of Governance Risk and Compliance to technology, using the IT Compliance Management guide!
You already own Microsoft the products that can help you manage compliance issues. Use the IT Microsoft Compliance Management guide to better understand how to configure controls, save money, and realize compliance regulations, do it all within a framework to ensure compliance.
Frank
Solution Accelerators Security site has a new face, you should check it out. The Solution Accelerators Techcenter for Security was published recently to help better navigate the security Solutions Accelerators. The library contains a vast array of Accelerators addressing issues in response management with The Malware Removal Starter Kit, or hardening guides such as the Windows Server 2008 Security Guide. What's really cool is that the site is organized in a simple to navigate manner addressing the MOF v4 phases.
The Solution Accelerators - Security and Compliance team has released a beta version of its first set of guides in the Compliance Management Series. This effort expands on the work done in the Regulatory Compliance Planning Guide published in 2006.
Here is a bit of detail on the new Solution Accelerator:
Managing compliance issues imposed by regulations and statutory requirements can be difficult to reconcile with regulations and standards such as PCI DSS, ISO 27002, AICPA GAPP, and COBIT. An additional challenge is the lack of a single source of compliance configuration guidance for Microsoft products.
The Compliance Management Series (a MOF–based expansion of the Regulatory Compliance Planning Guide) provides Standards of Care and simple checklists to help you configure Microsoft products to address Governance, Risk, and Compliance (GRC) requirements.
Standards of Care simplify complex categories such as Asset Management, Compliance Management, and Risk Management, and clarify how to configure Microsoft products quickly and effectively for these categories.
The Series uses Microsoft Operations Framework (MOF) 4.0 to provide you with a structured approach to the planning and delivery of configuration changes in your organization.
https://connect.microsoft.com/InvitationUse.aspx?ProgramID=2404&InvitationID=cmbt-8XBG-PD28&SiteID=657
After you join the program, bookmark the following link to return to the program site and get the latest information about upcoming events:
https://connect.microsoft.com/site/sitehome.aspx?SiteID=657
