Each week on Twitter we post daily audit checklist tweets for all the IS auditors and security administrators out there in the tweet-o-sphere. But we realize not everyone is ready for Twitter, and many of you are still resisting (you can keep trying, but eventually you will give in and start tweeting; everyone will eventually…), so we’ve decided to start posting them on our blog as well. Once each week we’ll post here the audit checklists and audit tools that we posted to Twitter. This way everyone will have a chance to enjoy all the audit fun!

We kept the technology focus last week and decided to post links to checklists and security guides that we thought would help people with their audits of Microsoft Windows systems. This may or may not be related to my migration to Windows 7 this week personally. What can I say though, I just can’t help myself sometimes. So enjoy your Windows audits. This coming week we’ll go back to some process controls. Enjoy the privacy checklists this week…

Microsoft Windows Audit Checklists & Security Guides:

General Windows Security

Microsoft Windows Vista

Microsoft Windows Server 2008

Microsoft Windows Server 2003

DISA Checklists for Windows

Microsoft Windows XP

Microsoft Windows Audit Tools:

Microsoft Baseline Security Analyzer


WinFingerprint (Link no longer available)


DISA Gold Disks (Old Link Removed)

Quest Reporter

We hope everyone will enjoy and use these tools this week. If you have suggestions or ideas for future audit checklists or tools, please let us know. We’d love to hear your feedback.