March 20, 2002
Security Software Vendors Embrace User-Originated Standards
BindView, Symantec and NetIQ Will Certify Products to Advance Widespread Adoption of Consensus Security Benchmarks
The Center for Internet Security (CIS) today announced that BindView Corporation (Nasdaq: BVEW), Symantec (Nasdaq: SYMC) and NetIQ (Nasdaq: NTIQ) are engaged in the CIS certification process for their security software products. With the CIS-certified tools, managers and IT professionals can determine how their system configurations measure up against CIS security benchmarks, the first-ever global consensus standards for security readiness at the detailed operational level.
The certified tools will help end-users define and achieve measurable goals for improvement in their information security practices. This creates a new framework for security accountability for use by governing bodies, auditors, senior managers, security professionals, system administrators, security consultants and security software vendors.
Managers have long lamented the absence of widely accepted, best-practice standards that specify in detail how workstation and server operating systems, software applications, firewalls, routers and other network devices should be configured for optimal security. CIS was created in response to that need, and is producing the benchmarks through a global consensus process that brings together industry, government, academia and consultants. The user-originated benchmarks enumerate the configuration settings and actions that are most important for securing their systems.
Bindview has initiated the CIS certification process for its Enterprise Security Solution, NetIQ for its Security Analyzer and Security Manager products, and Symantec for its Enterprise Security Manager tools. The three companies are CIS members, and participate in the development of the benchmarks.
"As the leader in the vulnerability assessment market, and trusted security partner to over 5,000 companies, BindView is dedicated to helping to develop and establish security standards that are up-to-date, easily understood and interpreted, and meet the evolving needs of security professionals," said Joe Bertnick, group manager of security solutions at BindView. "In addition to working with CIS to develop these revolutionary benchmarks, BindView will provide its customers with the tools they require to assess their networks against the new standards."
"CIS has demonstrated exceptional insight by leading the development of needed security benchmarks that incorporate input from thousands of users," said Harold Toomey, product manager at Symantec. "As a company with the same commitment to security, this is the first of many benchmarks planned for Symantec Enterprise Security Manager and application products."
"Because NetIQ works daily securing the network infrastructure and data of organizations around the world, we immediately recognized CIS's contribution to the industry and the value of the certification to end users," said Scott Hollis, director of security products at NetIQ. "NetIQ is working with CIS to establish and offer security software that conform to interoperability standards and bring peace of mind to our customers."
Thousands of vulnerable computers are connected to the Internet and subjected to cyber attacks such as the well-publicized Lion, Code Red, and NIMDA worms, and to hundreds of lesser-known security incidents that occur on a daily basis. U.S. government leaders have called for collaboration among federal agencies, academia and the private sector to define best practices in information security.
Responding to the call to action, Senator John Edwards introduced a bill in January - the Cybersecurity Preparedness Act of 2002 - that would first require that such best practices be applied to all government computers, then require federal grantees and contractors to follow the best practices if they receive taxpayer dollars.
The Center for Internet Security is a not-for-profit cooperative enterprise made up of 180 large and small user organizations, security professionals and auditors from 17 countries. The CIS Benchmarks are free to all computer users and may be downloaded from the Center for Internet Security website at www.cisecurity.org.
Copyright© 2019 Micro Focus Corporation. All Rights Reserved. Micro Focus and the Micro Focus logo are trademarks or registered trademarks of Micro Focus Corporation in the USA. All other trademarks, trade names, or company names referenced herein are used for identification only and are the property of their respective owners.