|[December 12, 2012]
Center for Internet Security Publishes Consensus-Based Security Configuration Benchmarks for Key Database Platforms
EAST GREENBUSH, N.Y. --(Business Wire)--
Center for Internet Security (CIS), a not-for-profit organization
focused on enhancing cyber security readiness and response in the public
and private sectors, today announced the release of benchmarks that
provide security configuration guidance for two of the leading database
servers in the enterprise marketplace: Oracle (News - Alert) Database 11g R2 and
Microsoft SQL Server 2008 R2 Database Engines. By implementing these CIS
benchmarks, users can now follow a well-established list of settings to
safely harden their systems.
The CIS Oracle Database 11g R2 and CIS Microsoft (News - Alert) SQL Server 2008 R2
Benchmarks include specific, detailed guidance for a wide range of
security configuration settings, including recommendations for auditing
and logging, file/directory permissions and system authentication.
These CIS security guides are the result of a consensus-based peer
review process of subject matter experts, providing perspectives from a
diverse set of backgrounds including consulting, software development,
audit and compliance, security research, operations, government and
legal. Dr. Alan Carter Covell of Qualys (News - Alert), along with Alexander Kornbrust
of Red Database Security, Paul Wright, and Kevvie Fowler of Ringzero,
Inc. provided key contributions to this effort.
"Database security is essential for organizations of all sizes and
across all sectors, particularly as our data becomes more critical to
business operations and the need to better protect it grows. These new
CIS benchmarks provide clear, results-oriented guidance to help entities
implement security for their data and database systems," said Rick
Comeau, Executive Director, CIS Security Benchmarks Division. "We
are pleased to work with our industry partners and subject matter
experts to develop these consensus-based resources and make them
available to a broad audience."
The new CIS Security Configuration Benchmarks are available for download
free-of-charge on the CIS website:
Database 11g R2
SQL 2008 R2
For access to all CIS Benchmarks, which provide recommended secure
configuration controls spanning server and desktop operating systems,
network and mobile devices, desktop software applications and more,
Security Benchmarks. CIS Benchmarks are widely accepted by auditors
to meet a number of compliance requirements, including those within
FISMA, PCI (News - Alert), HIPAA and GLB.
CIS also encourages those interested in volunteering their time and
expertise to the consensus development of future CIS security benchmarks
to sign up online.
About the Center for Internet Security
The Center for Internet Security (CIS) is a not-for-profit organization
whose mission is to enhance the cyber security readiness and response of
public and private sector entities, with a commitment to excellence
through collaboration. The CIS Security
Benchmarks Division provides cost-effective, consensus-based and
internationally recognized solutions that help organizations improve
their cyber security and compliance posture.
[ Back To TMCnet.com's Homepage ]