Some outright rants from a bunch of infosec practitioners.



Windows Server 2008 R2 BSI-compliance

Recommendations by the German Federal Office for Information Security (BSI – Bundesamt für Sicherheit in der Informationstechnik) are obligatory for German government agencies, civil services and authorities (much as NIST recommendations are relevant to American government agencies and authorities). They are often used as references and security best practices in other countries as well. Hence it is hard to understand why the recommendations on how to harden Windows Server 2008-based systems were published only some weeks ago and only as a preliminary draft (which is, obviously, better than nothing ;-)).

We at ERNW, however, did an overall baseline security approach of Windows Server 2008 R2 and Active Directory for a large German authority last year. The aim was to fulfill the requirements of the German Federal Office for Information Security without having precise technical guidelines by the BSI itself (from our side we do have guidelines of course ;-)). The hardened Windows Server 2008 R2 environment was then approved at the end of 2011 by the German BSI. We have now published the results of our overall approach in our latest newsletter [German language].

Enjoy reading!
Friedwart Kuhn

PS: There’s also a digitally signed version of the newsletter. (Because it is signed with a qualified certificate, the validation requires appropriate validation software, for example SecSigner from SecCommerce, which is free software.)


3 Comments for Windows Server 2008 R2 BSI-compliance

Christian | December 1, 2012 at 5:18 pm

Links to the Newsletters end in 404?

Author comment by mluft | December 4, 2012 at 2:57 pm


thanks for the hint, we updated the links!

Have a good one,

Christian | December 9, 2012 at 1:07 am



©2016 ERNW GmbH