Scap adoption at microsoft
This presentation is the property of its rightful owner.
Sponsored Links
1 / 25

SCAP Adoption at Microsoft PowerPoint PPT Presentation


  • 544 Views
  • Updated On :
  • Presentation posted in: General

Accelerating the adoption of Microsoft technologies. SCAP Adoption at Microsoft. Kelly Hengesteg, Principal Group Manager. Agenda. Solution Accelerators Microsoft Security Baselines System Center Configuration Manager Extensions for SCAP Security Compliance Manager Questions.

Download Presentation

SCAP Adoption at Microsoft

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Scap adoption at microsoft

Accelerating the adoption of Microsoft technologies

SCAP Adoption at Microsoft

Kelly Hengesteg, Principal Group Manager


Agenda

Agenda

  • Solution Accelerators

  • Microsoft Security Baselines

  • System Center Configuration Manager Extensions for SCAP

  • Security Compliance Manager

  • Questions

Microsoft.com/SolutionAccelerators


Solution accelerator team

Solution Accelerator Team

  • Accelerate the adoption of Microsoft technology in every organization

Over 2.55 million downloads a year

+ 24M SysInternals downloads

4.39M Download page views

58% conversion rate

Customer satisfaction

158 NSAT currently

NSAT uplift 24 w/use of SA

87% accelerated adoption

Partner satisfaction

128 NSAT currently

91% accelerated adoption

60.9% used by Partners

Product impact

Models

Guidance

Scripts and Code

Scripts

Guidance

Tools

Models

Microsoft.com/SolutionAccelerators


How do we build accelerators

How Do We Build Accelerators?

Products & Technologies

Input

Output

Best Practices

Frameworks

  • Customers

  • Partners

  • Product Groups

  • Microsoft

  • Research

  • Industry

Engineering

  • Solution Accelerators

    • Partner andMicrosoft Service offerings

    • Productimprovements

    • TechNet

    • Microsoft Learning

    • Microsoft Press

Microsoft.com/SolutionAccelerators


Most popular solution accelerators

Most Popular Solution Accelerators

  • Microsoft Deployment Toolkit 2010

  • Microsoft Assessment and Planning Toolkit

  • Security Compliance Management Toolkit

  • Malware Removal Starter Kit

  • Infrastructure Planning and Design Guide Series

  • Microsoft Operations Framework

Microsoft.com/SolutionAccelerators


System center configuration manager extensions for scap

Leverage existing SCCM Infrastructure to meet FDCC mandate

System Center Configuration Manager Extensions for SCAP


System center configuration manager extensions for scap1

System Center Configuration Manager Extensions for SCAP

Attained NIST recognition for SCCM 2007 as a SCAP-validated tool with FDCC scanning capability June ‘09

  • Consume SCAP data streams

  • Assess a system for compliance

  • Report results in SCAP format

    System Center Configuration Manager Extensions for SCAP

    Enables agencies to take advantage of their existing SCCM infrastructures to meet the reporting requirements of the FDCC mandate

Microsoft.com/SolutionAccelerators


Solution architecture

Solution Architecture

Command line tool that converts SCAP content for FDCC into DCM configuration packs

Leverages SCCM 2007 feature of desired configuration management to conduct assessment

Deploy SCMDCM script to clients to assess a subset of settings in the FDCC

FDCC SCAP content

SCCM DCM configuration pack

SCCM 2007

SCAP2DCM

DCM2SCAP

Assesses client compliance

Conversion tool

Conversion tool

SCMDCMscript

Command line tool that converts SCCM DCM assessments to SCAP format

SCAP reports

SCCM DCM report

Output logs

Admin input

Microsoft.com/SolutionAccelerators


Requirements

Requirements

SCAP2DCM & DCM2SCAP conversion tools

Current versions of both x86 and x64 Windows

Requires Microsoft .NET 2.0 or later

SCMDCM script

Current versions of 32-bit Windows

Packaging

  • MSI

    • SCAP2DCM.exe

    • DCM2SCAP.exe

    • ScmDcm.exe (packaged in ScmDcm.msi)

    • Configuration files

    • Release notes, user guide, FAQ, data mapping documentation

Microsoft.com/SolutionAccelerators


Implementation prerequisites

Implementation Prerequisites

Microsoft.com/SolutionAccelerators


Deploy

Deploy

Microsoft.com/SolutionAccelerators


Security compliance manager

Scan

Microsoft.com/SolutionAccelerators


Security baselines

Security baselines


Background

Background

  • Started developing security guides in 2002 (Windows 2000 Security Guide)

    • The goal was to:

      • Help reduce support costs due to …unsupportable configurations

      • Reduce the conflicting security guidance available to our customers, drove the creation of the SCRB (Security Content Review Board) today resides in the TwC team

      • Bring together multiple government agencies to collaborate and produce a unified guide

Microsoft.com/SolutionAccelerators


Evolution of the security guide

Evolution of the Security Guide

Security Guide

Threats & Countermeasures

Appendix

XLSM

XML

Guidance

InternalRepository

SCCM DCM

Group PolicyObjects

Excel listingof settings

Security Templates (GPO’s)

SCAP

Microsoft.com/SolutionAccelerators


Security compliance management toolkit series

Security Compliance Management Toolkit Series

An end-to-end solution to help you plan, deploy, and monitor your security baselines.

Based on tested guidance by Microsoft security experts

Available as a freedownload from Microsoft

Microsoft.com/SolutionAccelerators


Security baseline portfolio

Security Baseline Portfolio

  • http://www.microsoft.com/securitycompliance

  • Available Today

    Security Compliance Management ToolkitIncludes GPO Accelerator, SCCM DCM configuration packs, and security guidance)

    • Windows XP Security Baseline

    • Windows Vista Security Baseline

    • Windows Server 2003 Security Baseline

    • Windows Server 2008 Security Baseline

    • 2007 Office Security Baseline

    • Windows 7 Security Baseline (just released)

      • Bit Locker Security Baselines (just released)

    • Internet Explorer 8.0 Security Baseline (just released)

  • Hyper-V Security Guide

Microsoft.com/SolutionAccelerators


Roadmap

Roadmap

FY10

  • Exchange Server 2007 Security Baseline

  • Windows Server 2008 R2 Security Baseline

  • Hyper-V (R2 refresh) Security Guide

  • SQL Server 2008 – RBDMS only Baseline

    Future

  • Exchange Server 2010 Security Baseline

  • Office 2010 Security Baseline

  • Office SharePoint Server 2007 / 2010 Security Baseline


Security compliance manager

Enabling Baseline Management

Security Compliance Manager


Managing security baselines

Managing Security Baselines

  • Tool provides:

    • Exportation of baseline in multiple formats/standards

    • Classified data (structuralized)

    • Improved data presentation

    • Unified experience from security baseline deployment to compliance check

    • Ability to customize baseline

    • Compare and merging of baselines

Microsoft.com/SolutionAccelerators


Current requirements

Current Requirements

Want to see our work in progress? Check out our connect site here, https://connect.microsoft.com/site/sitehome.aspx?SiteID=715

Security Compliance Manager:

Enough free disk space/memory

Admin must be logged on

Windows Installer 2.0 or greater

Current versions of both x86 and x64

Windows XP or later

Requires Microsoft .NET 2.0 or later

Requires SQL Express 2008 or later

Microsoft Office 2007 SP2 or later (Word & Excel)

Single instance/user mode only

Availability:

Beta Release early Feb ’10

RTM early April ‘10

Microsoft.com/SolutionAccelerators


Security compliance manager

demo

Security Compliance Manager v.1.0


Future ideas

Future Ideas

  • Capabilities:

    • Increase export formats to include System Center Operations Manager (events)

    • Provide import formats beyond SCM v.1.0 format

      • System Center Operations Manager packs

      • System Center Configuration Management DCM packs

      • SCAP

    • Provide full authoring mode for new settings and/or events

Microsoft.com/SolutionAccelerators


Security compliance manager

Questions?

Follow-up questions contact us at [email protected]

or [email protected]

Microsoft.com/SolutionAccelerators


Security compliance manager

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


  • Login