The Security Content Automation Protocol (SCAP) content that we publish contains benchmarks to help determine compliance with several industry security standards. Common benchmarks include:
- Windows Center for Internet Security (CIS)
- Windows Payment Card Industry Data Security Standard (PCI DSS)
These benchmarks contain profiles that are used to select a subset of rules and rule values that apply to specific operating system platforms. Profiles are also designed to allow for varying requirements when implementing the security standard. For instance, specialized environments that contain sensitive customer information might need to audit the same Windows settings as less sensitive environments. But, they are likely to require stricter values for those settings.
Starting with the 1094 Audit Engine Content, the following benchmarks are updated to include generic profiles for all supported Windows operating system platforms (Windows XP, 2003, Vista, 2008, 2008 R2, Windows 7, and Windows 10):
The Windows CIS, Windows PCI DSS, and Windows NERC benchmarks have also been updated to support the following security posture profiles for each applicable operating system platform:
- Legacy
- Enterprise
- Specialized Security
If you require a benchmark to be updated to include more profiles,
submit a new product idea.
The Ideas forum is accessible only to customers. Click
Sign In and enter your ServicePortal User ID and password. If you do not yet have a ServicePortal or Community account, click
Register to register for a new account on either website.
For more information about product ideas, see
KB60021 - How to submit a new Product Idea.
