Microsoft Security Compliance Manager (SCM)

Microsoft Security Compliance Manager (SCM)

Overview

Security Compliance Manager 3.0 (SCM 3.0) is a free tool from the Microsoft Solution Accelerator team that enables you to quickly configure and manage your desktops, traditional datacenter, and private cloud using Group Policy and System Center Configuration Manager. In addition to key features from the previous version, SCM 3.0 offers new baselines for Internet Windows Server 2012, Windows 8, and Internet Explorer 10.

SCM provides ready to deploy policies and DCM configuration packs that are tested and fully supported. These baselines are based on Microsoft Security guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.

Easily configure computers running the latest Windows® operating systems, Microsoft® Office applications, Windows Internet Explorer®, and Exchange Servers with industry leading knowledge and fully supported tools.

You can leverage SCM to import the current configuration of your computers using two different methods: first, you can import Active Directory-based group policies; second, you can import the configuration of a “golden master” reference machine by using the LocalGPO tool to backup the local group policy which you can then import into SCM. Compare your standards to industry best practices, customize them using rich knowledge, and seamlessly create new policies and DCM configuration packs in the user-friendly UI designed to work with Microsoft System Center Configuration Manager 2007 R2.

Wiki Articles about SCM:

What does SCM do?

SCM provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows® client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including Excel® workbooks, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use SCM to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.

Key Features and Benefits

SCM provides the following key features and benefits:

  • Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project!
  • Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature!
  • Updated security guides: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important!
  • Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems!
  • To learn more about the Security Compliance Manager tool, visit the TechNet Library.

 

Setup Requirements

The supported operating systems and requirements to use SCM include:

  • Windows® 7 and Windows® 8 or later
  • Local instance of SQL server 2008 or higher, else SCM will install SQL Server® 2008 Express edition
  • Microsoft .NET Framework 4
  • Windows Installer 4.5
  • Visual C++ 2010 Redist (this is included in SCM MSI)
  • An Internet connection to download Microsoft security baselines.

Optional

  • Microsoft® Excel® 2007 or later to export data in Excel workbooks
  • Microsoft Word or Microsoft Word Viewer (available as a free download) can be used to view Word documents

SCM is intended to work with System Center Configuration Manager 2007 or System Center Configuration Manager 2012 SP1 and the desired configuration management (DCM) feature of that product.

Note: You can use the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint File Formats (available as a free download) to open, edit, and save documents, workbooks, and presentations in Microsoft Office 2007 file formats. You also can use Microsoft Word or Microsoft Word Viewer (available as a free download) to view Word documents.

More Information

Security Compliance Manager (SCM) is just one of the tools provided by the Microsoft Solution Accelerators team. The Microsoft Assessment and Planning Toolkit, Microsoft Deployment Toolkit, and Security Compliance Manager provide tested guidance and automated tools to help you plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost.


Sort by: Published Date | Most Recent | Most Useful
Comments
  • The original post of this article was a request for information around SCM1.0.  Since this is a wiki, I have moved the original request to this comment and changed the topic to a stub.

    EricB, MSFT

    >>>>>>

    Hi,

    I am currently evaluation theSecurtiy Complaince Manager 1.0 as an enterprise wide solution for baselining all end points and servers. It seems very promising in streamlining the compliance management of the organization, whichever standard it may be, as the baselines are customizable.

    Has anybody evaluated or used SCM in here? I am sure the answer would be yes :-) ! Would love to share/learn from their experince.

    Thanks,

    Ali