Securing today's complex information systems and products can be a very complicated, arduous and time-consuming process for even the most experienced system administrator. While the solutions to IT security are complex, one basic, yet effective tool is the security configuration checklist, sometimes called a lockdown or hardening guide. Basically, a checklist is a series of instructions for configuring an information technology (IT) product to a baseline or benchmark level of security.
The National Institute of Standards and Technology (NIST), with sponsorship from the Department of Homeland Security (DHS), has developed a program to facilitate the development and sharing of security configuration checklists. The program helps developers make checklists that conform to common operational environments; provides guidelines for making better documented and more usable checklists; provides a managed process for reviewing, updating and maintaining checklists; and includes an easy-to-use repository of checklists.
A recently published NIST report, Security Configuration Checklists Program for IT Products-Guidance for Checklists Users and Developers (NIST Special Publication 800-70), gives an overview of the NIST Checklist Program, explains how to retrieve checklists from NIST's repository and provides general information about threats and baseline technical security policies for associated operational environments. It also describes the policies, procedures and general requirements for checklist developers to participate in the program. The report and other information are available at http://checklists.nist.gov.

• Date: 31st August 2005 • Region: US/World • Type: Article • Topic: ISM