The tool has been developed by a group of private sector organisations and US government agencies, including the Centre for Internet Security, the SANS Institute, the US General Services Administration, the President's Critical Infrastructure Protection Board, the US National Security Agency and the National Institute of Standards and Technology.
Clint Kreitner, president and chief executive of the Centre for Internet Security, said the benchmark is designed to give companies and users a clear standard for achieving a baseline level of security in their Windows 2000 systems.
Users will be able to easily check the configuration of their systems by downloading a tool from the Centre for Internet Security's Web site that performs hundreds of configuration checks and then reports back to the user with a score signifying their level of compliance with the standard, he said.
"The tool really is the key because it gives you a score" to measure by and work from, he added.
The tool will not only help companies maintain secure configurations but can also help vendors create new default security settings in their products to ensure better protection, said Kreitner.
The Centre for Internet Security already provides benchmarks and tools for a number of platforms, including Unix operating systems and Cisco Systems routers. Future benchmarks will be created to cover Check Point firewalls, Cisco PIX firewalls, Solaris, Apache and IIS (Internet Information Services) Web servers, Oracle databases and more, he said.
Cooperation between the groups has been relatively smooth, with the Windows 2000 benchmark being completed in about two months, Kreitner said. "Everybody realises there's a common good here," he said.
Scott Charney, chief security strategist at Microsoft, said his company would work with the group on future security projects.
The benchmarks and configuration checking tools are available for free on the Centre for Internet Security's Web site, www.cisecurity.org.