On 9 September 2008 the Center for Internet Security unveiled its new CIS Security Metrics Service to develop, publish and maintain new software security benchmarks, baselines, and analysis tools for a wide variety of applications to ensure best practices.
The ultimate goal of the CIS benchmarking programme is to help the US improve its defences against domestic and international cybercrimes and other online threats. If everyone – from government agencies to businesses to user communities – patches common vulnerabilities and protects against known attack methodologies, a significant portion of system intrusion and data loss will be eliminated.
CIS is a not-for-profit consortium of more than 170 security professionals, organisations, and agencies from around the world whose primary mission is to prevent businesses and government agencies from becoming victims of cybercrimes due to inadequate IT security.
To date, CIS has developed and published security benchmarks for Solaris, HP-UX, Windows NT, Windows 2000, Linux, and Cisco router IOS. These benchmarks are compilations of security best practices from various federal agencies, such as the National Security Agency, Department of Defense, and the Defense Information Systems Agency, as well as from private-sector security organisations, such as SANS.