Published: June 5, 2008
The Security Compliance Management toolkit is designed to help your organization meet its security and compliance needs. This toolkit provides you with information to help you establish security baselines and use compliance industry best practices from Microsoft. This guidance then demonstrates how your organization can efficiently monitor the implementation of security baselines for three of the most widely used Microsoft operating systems.
The Security Compliance Management toolkit helps automate this process to ensure that your security baselines do not change or drift from their prescribed values. You can accomplish this by using the desired configuration management (DCM) feature of Microsoft® System Center Configuration Manager 2007. The toolkit includes Configuration Packs for you to use with the DCM feature to monitor the computers in your environment.
At a high level, achieving security compliance is a four-step process:
The steps in the following figure reinforce this process to illustrate how each portion of the Security Compliance Management toolkit fits into the overall process flow. The bulleted list of items next to each process step includes additional guidance from Microsoft that applies to each step. Best practice information for each step of the overall process is included in each chapter.
The Security Compliance Management toolkit primarily addresses the Plan, Deploy, and Monitor steps of the overall process. In addition, the guidance provides some information about how to remediate security baseline issues.
The toolkit contains background information about compliance, and planning advice about how to automate security compliance. In addition, the toolkit refers to other tools and guidance from Microsoft that you can use to establish and deploy a security baseline, and then monitor and maintain compliance with your established configuration. The toolkit also includes guidance on how to customize security baselines according to the specific risk posture of your environment.
The chapters in this guide emphasize understanding why security compliance is important, and the planning process required to support it. The guide also includes chapters that address the deployment and monitoring steps of the security compliance management process. Completing these steps of the process enables your organization to establish operating system security baselines on the computers in your environment, and then monitor them to ensure they are in compliance with the security requirements of your organization.
The Security Compliance Management toolkit is intended primarily for IT specialists, security specialists, network architects, and other IT professionals and consultants who plan and design deployments of Windows Vista®, Windows® XP with Service Pack 2 (SP2), and Windows Server® 2003 SP2 on desktop, laptop, and server computers in midsize to large organizations. This guidance is not intended for home users.
The effectiveness of security compliance management relies on individuals who share team responsibilities and who have strong skill sets and experience. Ideally, such a team includes members with security expertise (network, host, and application), strong technical (infrastructure, databases) and communication skills, and technical documentation and training expertise. This guidance is intended for IT professionals with experience and training to perform the following roles:
The purpose of this toolkit is to help IT professionals:
The information in this toolkit applies only to the following applications and tools:
The guidance for this toolkit does not apply to the earlier version of Configuration Manager called Systems Management Server (SMS) 2003 because the DCM feature was not available in that release. However, experience with SMS can help users to understand the underlying technology and principles that this toolkit uses. This guidance was tested on computers running Windows Vista, Windows XP Professional SP2, and Windows Server 2003 SP2.
You must use Configuration Manager with the DCM feature to use this toolkit, which is designed to help you manage the security compliance of the following operating systems:
The toolkit guidance is designed to help you monitor the compliance state of security baseline settings that are prescribed in the following guides:
This toolkit consists of the following components:
You can download these components from the Security Compliance Management page on the Microsoft Download Center.
This guide uses the following style conventions.
The Solution Accelerators – Security and Compliance (SA–SC) team would appreciate your thoughts about this solution accelerator.
Please use the following resources for questions about support and feedback:
We look forward to hearing from you.
The Solution Accelerators – Security and Compliance (SA–SC) team would like to acknowledge and thank the team that produced the Security Compliance Management toolkit. The following people were either directly responsible or made a substantial contribution to the writing, development, and testing of this toolkit.
Haikun Zhang – Minesage Co Ltd
Hui Zeng – Minesage Co Ltd
ZhiQiang Yuan – Minesage Co Ltd
Trevy Burgess – Excell Data Corporation
Subject Matter Expert
Tony Noblett – Socair Solutions
John Cobb – Wadeware LLC
Jennifer Kerns – Wadeware LLC
Steve Wacker – Wadeware LLC
Karla Korchinsky – Xtreme Consulting Group Inc
Sumit Parikh – Infosys Technologies Ltd
Bidhan Chandra Kundu – Infosys Technologies Ltd
Manish Patel – Infosys Technologies Ltd
Jeremiah Beckett – Secure Vantage, Derick Campbell, Chase Carpenter, Rick Carper, Adeep Cheema, Chew Hung Pong, Tom Cloward, Karl Grunwald, David Hoelscher, Hui Zeng – Minesage Co Ltd., David Kennedy, Onur Koc, Kathy Lambert, Jose Maldonado, Luis Martinez, Carmelo Milian, Kenneth Pan, Vlad Pigin, Greg Shields – Realtime Windows Server Community, Mark Simos, Jeffrey Sutherland, Richard Xia