Based on the DEFCON levels, Microsoft unveiled the SECCON framework, a series of guides for securing a range of Windows 10 configurations in different environments.
Starting with an "administrator workstation" at level 1 and moving to "Enterprise Security" at level 5, Microsoft offers an infrastructure to simplify and standardize security. Although it is not a single solution, the company says it "defines discrete prescriptive security configurations for Windows 10 to address many common device scenarios." in the company ".
Chris Jackson, Senior Program Manager, commented, "Previously, we had defined the security configuration of Windows 10 as a task that each customer had to adjust, so we observed as many different configurations as we saw from clients Standardization has many benefits, so we have developed a security configuration infrastructure to simplify security configuration while maintaining sufficient flexibility to allow you to balance security, productivity and user experience. "
The five levels were developed by Microsoft after working with a group of selected pilot customers, experts from Microsoft's technical team and the Microsoft sales sector. The levels are described as follows:
- 5. Security of the company – We recommend this configuration as a minimum security configuration for a corporate device. The recommendations for this level of security configuration are usually simple and are designed to be deployable within 30 days.
- 4. High enterprise security – We recommend this configuration for devices where users access sensitive or confidential information. Some of the controls can have an impact on application compatibility, and therefore often go through an audit-configure-apply workflow. Recommendations for this level are generally available to most organizations and are designed to be deployable within 90 days.
- 3. Enterprise VIP Security – We recommend this configuration for devices managed by an organization with a larger or more sophisticated security team, or for specific users or groups that are at particularly high risk (for example, an organization has identified users who are managing data whose theft would be directly and seriously damaged, impact on the price of their shares). An organization likely to be targeted by sophisticated and well-funded opponents should aspire to this configuration. Recommendations for this level of security configuration can be complex (for example, removing local administrator rights for some organizations may be a long project in itself) and can often go beyond 90 days.
- 2. DevOps Workstation – We recommend this configuration to developers and testers, which is an attractive target for both supply chain attacks and data type attacks that attempt to access servers and systems that contain malicious code. data of great value or likely to disrupt the essential functions of the company. We continue to develop these directions and will make another announcement as soon as they are ready.
- 1. administrator workstation – Administrators (especially identity or security systems) are most at risk of theft, alteration or disruption of services. We continue to develop these directions and will make another announcement as soon as they are ready.
A preliminary version of the Security Configuration Structure documentation is available here and Microsoft is waiting for users to provide feedback.