Microsoft produced a set of tools so organizations can apply Microsoft-recommended security configurations to their environment. What is Microsoft Security Compliance Toolkit? The Microsoft Security Compliance Toolkit provides prescriptive configurations and guidance. Documents with principle statements are usually open to more interpretation, so audits usually require more effort to determine compliance. While both types of documents provide value to an organization, the documents with prescriptive statements are generally easier to validate compliance, as the value is either a pass or fail. Some of these documents contain principles (ie: Limit Administrator Privilege) vs prescriptive statements (ie: Lock-out Account After 3 Failed Logins). At Tenable, we have also created Best Practice audits for some popular software.
There are also organizations such as the Center for Internet Security (CIS) and Defense Information Systems Agency (DISA) producing best practice documents. To support this, we have seen more and more vendors create Security Best Practices documents to help customers protect their infrastructure, such as Microsoft with the Microsoft Security Compliance Toolkit (MSCT).
If you look at the Critical Security Controls lists many organizations produce, Secure Configurations typically appear within the top 5. Here’s how you can use Tenable.io and Nessus Professional to audit the security baselines included within the Microsoft Security Compliance Toolkit.Īn important portion of information security is ensuring systems and software are configured in a secure manner. Security baselines are helpful but to be sure of their effectiveness you need to perform regular audits.
0 kommentar(er)
