The Center for Internet SecurityThe Center for Internet Security Site MapContact UsPrivacy Policy
The Center for Internet Security
HomeNewsWhat is CIS?Benchmarks/ToolsOther ResourcesJoin UsTestimonialsFAQ
CIS Members site

Become a Member of CIS - Click here for more info

More than 170 members, from around the wrold! Click here for more info

Get Involved - Click here for more info



CIS certifies commercial software. Click here for more info

CIS licenses resources for commercial use. Click here for more info.

click here to find out about CIS trademarks.

Click here to find out about upcoming conferences and events!

 Benchmarks/Tools
CIS Benchmarks for SQL Server 2005 and SQL Server 2000 Database - Click Here to Download Them
- FAQ - The Benchmarks

April 2007:

The SQL Server 2005 (v1.0) and SQL Server 2000 (v1.0) Benchmarks are now available!
The Download Files:
  • CIS_SQL2005_Benchmark_v1.0.pdf: An Adobe PDF file that contains the Level 1 and Level 2 security configuration settings and recommendations for SQL Server 2005 databases.
  • CIS_SQL2000_Benchmark_v1.0.pdf: An Adobe PDF file that contains the Level 1 and Level 2 security configuration settings and recommendations for SQL Server 2000 databases.
  • NOTE:  There are currently no scoring tools available for the SQL Server 2005 or SQL Server 2000 Benchmarks.
What are the Benchmarks?
The Benchmarks are a compilation of security configuration actions and settings that "harden" SQL Server 2005 and SQL Server 2000 databases.  They recommend Level 1 Benchmark guidance, representing the prudent level of minimum due care for operating system security.

Level 1 Benchmark settings/actions:

  • Can be understood and peformed by system administrators with any level of security knowledge and experience
  • Are unlikely to cause an interruption of service to the operating system or to the applications that run on it, and
  • Can be automatically monitored either by CIS Scoring Tools or by CIS Certfied tools available from security software vendors.  Click Here for a roster of commercially available CIS-certified software tools. 
The Level 2 Benchmark settings/actions:
  • Enhance security beyond the minimum due care level, based on specific network architecture and server function. 
  • Contain some security configuration recommendations that affect functionality, and are therefore of greatest value to system administrators who have sufficient security knowledge to apply them with consideration to the functions and applications running in their particular environments.
Share Your Feedback
We value your feedback, which may be used both to update the Level 1 SQL Server 2005/2000 Benchmarks and to further define the Level 2 security configuration recommendations. 

Please direct your feedback to:

The CIS Feedback Email Address

Please direct other feedback to:

Bert Miuccio, Vice President

For more information about the CIS consensus process and the benchmarks, go to What are the Benchmarks? and FAQ - The Benchmarks.
 
Updates to the Benchmarks and Scoring Tool
The CIS Level 1 & 2 SQL Server 2005 and SQL Server 2000 Benchmarks are updated periodically.  Continuous feedback from CIS Members and other users assures that the consensus standard of minimum due care is always reflected in the recommended settings. 

Revision histories can be found in the benchmark documents.  One of the benefits of CIS Membership is electronic notification when updates become available. 

Click Here for more information about membership.  If your organization is not a member of the Center, visit this website periodically to assure that you are using the latest version of the SQL Server 2005 and SQL Server 2000 Benchmarks.

DOWNLOAD the CIS Level 1 & 2 SQL Server 2005 and SQL Server 2000 Benchmarks



Logo and Design by Keiler
© 2007, the Center for Internet Security.