u] What are the Benchmarks and Scoring Tool The Benchmarks are compilations of configuration actions and settings recommended to improve the security of Windows 2000, 2003, NT and XP operating systems. The Windows XP Professional and Windows Server 2003 Benchmarks: These benchmarks define multiple "levels" within one document. The levels are: Legacy: Settings in this level are designed for XP Professional/2003 Server systems that need to operate with older systems such as Windows NT, or in environments where older third party applications are required. The settings will not affect the function or performance of the operating system or of applications that are running on the system. Enterprise Standalone: Settings in this level are designed for XP Professional/Server 2003 systems operating in a managed environment where interoperability with legacy systems is not required. It assumes that all operating systems within the enterprise are Windows 2000 or later, therefore able to use all possible security features available within those systems. In such environments, these Enterprise-level settings are not likely to affect the function or performance of the OS. However, one should carefully consider the possible impact to software applications when applying these recommended XP Professional technical controls. Enterprise Mobile: These settings are nearly identical to the Enterprise Standalone settings, but with modifications appropriate for mobile users whose systems must operate both on and away from the corporate network. In environments where all systems are Windows 2000 or later, these Enterprise-level settings are not likely to affect the function or performance of the OS. However, one should carefully consider the possible impact to software applications when applying these recommended XP Professional technical controls. Specialized Security - Limited functionality: Settings in this level are designed for XP Professional/2003 Server systems in which security and integrity are the highest priorities, even at the expense of functionality, performance, and interoperability. Therefore, each setting should be considered carefully and only applied by an experienced administrator who has a thorough understanding of the potential impact of each setting or action in a partiular environment. The Level-I Windows Benchmarks for NT and 2000 settings/actions: (the minimum level of due care) Can be understood and performed by system administrators with any level of security knowledge and experience, and applied to server or workstation operating systems. Are unlikely to cause an interruption of service to the operating system or the applications that run on it. Can be automatically monitored either by CIS Scoring Tools or by CIS-certified tools available from software vendors. Click Here for a roster of commercially available CIS-certified software tools. The Level-2 Windows 2000 Professional and Server benchmarks: (prudent security beyond the minimum level) Should be applied only to Windows 2000 workstation and server operating systems. Contains some security configuration recommendations that affect operating system function, and are therefore of greatest value to system administrators who have sufficient security knowledge to apply them with consideration to OS functions and software applications running in their particular environments. The CIS NG Scoring Tool provides a quick and easy way to evaluate your host systems and compare their level of security against the Benchmarks. Tool reports guide system administrators to harden both new installations and active production systems. The tool is also effective for monitoring systems to assure that security settings continuously conform with the Benchmark.