  |
    |
|
|
|
|
|
Testimonials
What Members Say About CIS"My company had the privilege to become one of the charter
members of CIS. We support the Center financially, as well as
with our participation in the technical work. If you have not
done so yet, I very strongly urge you to become an active member
in this important organization. It's well worth the investment."
"Consensus efforts always provide a valuable place to start
improving your own security. I welcomed the opportunity to join
CIS. I want to be sure that any consensus includes my own input
as well!" "The CIS collaborative approach will help fill security knowledge
gaps. "A single company can't always experience all the things
that go wrong. It's just impossible." "The consensus process is creating big time buy-in. Everyone
wants to be heard. Everybody wants to have a voice in developing
solutions to the security challenges that confront all of us."
"Security consultants and vendors are not in agreement on
what needs to be done. The Center helps me have confidence that
I'm targeting the most important aspects of security first."
"The work that The Center is doing will improve auditors'
ability to assure the validity of information that is critical
to an organization's mission and value." "I appreciate the time and effort put into the consensus
development process. It makes me extremely satisfied to be a
member of the Center for Internet Security!" What User Say About the CIS Benchmarks"CIS is providing consensus benchmarks to help us achieve
a measurable level of security in our technical systems. We
envision the CIS benchmarks becoming the technical complement
to standards such as ISO 17799, the International Security Standard."
"Group consensus allows all of us to measure our efforts
to a neutral, uncontroversial standard, and it is from that
standard that a good definition of "due care" can be derived.
Without that consensus, who can say how much we should do to
protect ourselves?" "CIS is a global cooperative initiative through which industry,
government, and research leaders are establishing basic operational
security benchmarks and keeping them up to date. Its benchmarks
set a level of prudent practice that has been desperately needed
for a long time, not only within the department, but throughout
the IT community." "Organizations have a broad spectrum of computing architecture
but have no set of security standards that are universally accepted
as best practice. CIS benchmarks give us a common language --
a baseline from which to speak -- that we either meet the standards
or we don't." "At a technical level, experts from around the world agree
that CIS benchmarks represent a consensus prudent due care guideline
that sets the stage for protection against regulatory sanction
and prosecution." "I believe that security will be enhanced as organizations
adopt the CIS benchmarks. In today's world of eBusiness and
increasing networking between companies, the benchmarks are
an enabling mechanism for establishing trust between networked
sites and trading partners." What Users Say About The Solaris Benchmark & Scoring Tools"The Solaris Benchmark and scoring tools provide a LOT of
value. And downloading and installing them was a very simple
process. They are an excellent resource to draw from when reviewing
the Sun systems being added to our site." "I found the tool extremely useful in assisting in hardening
our DMZ systems. Even more important though was the documentation
provided. You just didn't say, "do this because we know better",
you explained why it should be done. I feel that makes the Benchmark
tool more valuable than almost anything else out there."
"The scoring tools are extremely valuable. To have the Benchmark
tool and Sara give me the info I need in one short session is
great and will save me innumerable hours of work. Thanks for
making this available to us!!" "The CIS Solaris Benchmarks are a welcome find! I've tightened
security by applying many of the suggestions from the tool.
Being a Health Care organization, we are facing many new security
challenges regarding HIPAA and this will only help in our battle
to meet the new requirements that will be placed upon us by
that act. Thanks for a tool that has real world functionality."
"The tool is very helpful and gave quick and easy insight
into ones systems security levels, which then need to be evaluated
at each site for changes and configurations that need to be
made." "The Benchmark is a very good Solaris security hardening
reference including simple "how to" steps as well as clear explanations
of the vulnerabilities. The CIS scan tool is an easy to use
and quick way to evaluate many systems and verify their level
of security." "I've always thought I did a pretty good job of securing
my boxes. After running your tool, I've discovered that my systems
are pretty tight (which makes me breath a sigh of relief), but
there is still room for improvement. The Solaris Benchmarks
Tool pointed out several areas that I had overlooked." "The tool actually helps ! One can quickly identify the weaknesses
present on a system and focus on those, without wasting time
checking out commonly known vulnerabilities that are solved
anyway by default. It's all about prioritization and putting
focus on actual risks. I'm anxious to test your tools for other
OS versions!" "I think this is a great tool. I'm so glad to finally have
documentation all in one place for steps to take. The document
is very self-explanatory and gives me all the information I
need to supplement our own installation procedures when (re)building
our machines." What Users Say About The Windows 2000 Benchmark & Scoring Tool"I was able to download the Windows 2000 Benchmark and Scoring
Tool, install the package, and obtain my first results in less
than an hour. Thorough, illustrated instructions guided me step-by-step
from download to interpretation of the results." "Use of the CIS Windows 2000 benchmark scoring tool drastically
reduces the time and effort required to manually audit each
server for configuration and patch revision history, and saves
having to write custom ADSI toolsets to automate this function
across the Windows 2000 Enterprise." "The CIS benchmark score provides instant feedback on the
security of a Windows 2000 system. It is a clear, concise report
that managers and auditors can use to rate their organization's
system security. The benchmark document provides the system
administrators with a clear set of action items that need to
be performed to raise the level of security. It is a great tool!"
"Cervalis implements multi-layer security measures to protect
our infrastructure as well as our customers' servers. The Windows
2000 security template developed by CIS is extremely helpful
for setting up our managed customers with an adequate due care
level of security to protect them from outside threats. It also
protects the Internet from abuse that could come from a zombie
inside one of our customers servers, should one ever be compromised."
"The CIS Win2000 Benchmark and Scoring Tool provide reliable
measuring sticks to test security. Operating as a small business,
independent consultant, I can't spend the time on security measures
that always-on Internet access really demands. The CIS Win2000
Benchmark and Scoring Tool has helped me to find and fix the
gaps in my defenses in just two evenings. Now I know I am better
protected, and I can prove this diligence to my clients. We
should look forward to the time when all operating systems on
the Internet are equally well protected, according to the uniform
standards established by the Center for Internet Security."
"I used the tool to assess a computer that recently had been
upgraded from Windows 98 to Windows 2000 Service Pack 2. Of
the 10 points available, my test system scored only 1.7
.. After
I downloaded and installed eight hot fixes and used the configuration
template, my test system scored a 10 upon reassessment
..The
CIS scoring tool is useful for any auditor who would like a
fast, easy method to assess a Windows 2000 computers basic
level of defense against intrusion." |
© 2009, the Center for Internet Security.
