How to Write a Good Benchmark
5 tips for writing benchmarks that are clear, concise, and unambiguous
- Write the recommendation as a directive in the imperative voice.
  - For example, write "Apply the NSA guide on Windows Server 2003" rather than "It is recommended that the NSA guide on Windows Server 2003 be applied".
- Put the word "only" next to the word(s) it modifies to avoid any potential ambiguity in the statement.
  - For example, write "Allow only administrators to have read access to the C:\Windows folder" rather than "Restrict access to the C:\Windows folder for non-authenticated users".
- To ensure clarity, do not use the words "restrict" or "limit".
  - For example, write "Allow only authenticated users to have access to the C:\Windows folder" rather than "Restrict access to the C:\Windows folder for non-authenticated users".
- Do not use the word "allocate" when referring to setting rights or permissions. Use "grant" or "deny" instead.
  - For example, write "Grant Read permission to the NT/Authority group" rather than "Allocate Read permission to the NT/Authority group".
- Use and/or reference industry standards whenever possible. Widely recognized, community-endorsed standards facilitate clear communication, save time and expense, and often point to further useful information.
  - For example, use Common Platform Enumeration (CPE™) to identify common platforms, Common Configuration Enumeration (CCE™) to reference security configuration issues, and NIST Special Publication 800-53: Recommended Security Controls for Federal Information Systems for established security-relevant configuration options.
Additional Information
For additional information, please see About Benchmark Development, Benchmark Basics, and Benchmark Development Resources. For hands-on instruction, please sign up for our free Benchmark Development Course.
Page Last Updated: November 12, 2009
