Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Security group benchmarking Solaris

From: William Knowles <wk () C4I ORG>
Date: Wed, 29 Nov 2000 12:46:29 -0600
http://www.fcw.com/fcw/articles/2000/1127/web-cis-11-29-00.asp

BY Diane Frank
11/29/2000

A new collaborative security organization is preparing to release the
first in a wave of security benchmarks for commercial products widely
used in government, industry and academia.

The Center for Internet Security is a nonprofit organization composed
of more than 80 members from government agencies, law enforcement,
academia and industry. It plans to provide internationally agreed-upon
technical benchmarks and certifications, said Clint Kreitner, chief
executive officer of the center.

The organization will release a benchmark for Sun Microsystems Inc.s
Solaris operating system before the end of the year.

Other benchmarking efforts include:

* The Institute for Security Studies at Dartmouth College is
  developing a benchmark for the Linux operating system.

* The National Security Agency will soon come out with an initial
  benchmark for Microsoft Corp's Windows 2000.

The CIS is based on the idea "that only through effective, systematic,
collective action do we have any hope" of combating security threats,
Kreitner said. "We cannot ignore the common good in the pursuit of
self-interest."

Franklin Reeder, chairman of the center, added that "the role of the
center will not be to develop tools, but to certify tools."

Whether this certification will be similar to the "Consumer Reports"
model or more like the Underwriters Laboratories Inc. model is still
under consideration, but the center will partner with and build on
work done by organizations such as NSA, the National Institute of
Standards and Technology and the Common Vulnerabilities and Exposures
project led by Mitre Corp., Kreitner said.

Federal members of the center include NIST, NASA, the Dahlgren Naval
Surface Warfare Center, the Defense Departments Computer Emergency
Response Team and the Treasury Departments Financial Management
Service. Other government participants include the Washington State
Department of Health, the Canadian Communications Security
Establishment and the Royal Canadian Mounted Police.

[ Center for Internet Security  - http://www.cisecurity.org/ ]


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: