An overview of the new security framework for Windows 10

Introduction

Microsoft has recently published a new security configuration framework that provides system administrators with guidelines on what steps to take to protect their Windows 10 systems. The framework (also known as the SECCON framework) includes three components: policies, security controls and behaviors.

Security controls that do not support audit mode should be deployed gradually, while security controls that do support audit mode should be deployed using a three-step methodology: audit, review and enforce. Microsoft suggests four stages for the gradual deployment of security controls: deployment on systems in a lab, deployment on 2% to 5% of the organization's systems, deployment on the next 25% of the organization's systems and deployment on the remainder of the organization's systems.

The SECCON framework mimics the defense readiness condition (DEFCON) framework used by the United States Armed Forces. The DEFCON framework contains five levels of readiness of the U.S. army. The highest level of readiness (DEFCON 1) is used for situations where a nuclear war is imminent, while the lowest level (DEFCON 5) is the default state of readiness of the U.S. army.

The SECCON framework also includes five levels. Level 1 calls for the strictest security measures, while Level 5 requires only regular security measures. In this article, we will examine the five levels in detail.

The five levels of the SECCON framework

Level 1 (Administrator workstation)

The strictest security measures are intended for the workstations of system administrators (mainly those administering security and identity systems). A successful cyberattack against such an administrator workstation can have serious consequences for the organization's information security.

Microsoft has not yet announced the measures that will fall within the scope of Level 1. The lack of information about Level 1 measures makes the security configuration

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Dimov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/KJEWw7EOBU0/