SP 800-68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals
Special Publication (SP) 800-68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals, has been published as final. It seeks to assist IT professionals in securing Windows XP Professional systems running Service Pack 2 or 3. The guide provides detailed information about the security features of Windows XP and security configuration guidelines. SP 800-68 Revision 1 updates the original version of SP 800-68, which was released in 2005.
NIST Windows Security Baseline Database (Beta)
The NIST Windows Security Baseline Database contains information on security setting baselines for Microsoft Windows XP, Windows Vista, Internet Explorer 7 (IE7), and Windows Firewall that are specified in NIST security templates and in the Federal Desktop Core Configuration (FDCC) Major Version 1.0. The database allows interested parties to view security settings by baseline or by policy (e.g., FDCC), as well as to compare baselines to each other. The information in the database is intended to supplement Draft SP 800-68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals.
for Securing Microsoft Windows Vista
NIST has collaborated with the Defense Information Systems Agency (DISA), the National Security Agency (NSA), and Microsoft Corporation to produce Microsoft's Windows Vista baseline security settings for the Enterprise (EC) and Specialized Security/Limited Functionality (SSLF) environments. These recommended baselines/profiles are represented in the Microsoft Vista security guide. NIST also collaborated with industry to produce the XML representation of the recommended profiles in Extensible Configuration Checklist Description Format (XCCDF) and the Open Vulnerability and Assessment Language (OVAL).
Comments and questions may be addressed to firstname.lastname@example.org.
Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist
Special Publication 800-69
NIST is pleased to announce the release of Special Publication 800-69, Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist. SP 800-69 provides guidance to home users, such as telecommuting Federal employees, on improving the security of their home computers that run Windows XP Home Edition. Home computers face many threats from people wanting to cause mischief and disruption, commit fraud, and perform identity theft. The publication explains the need to use a combination of security protections, such as antivirus software, antispyware software, a personal firewall, limited user accounts, and automatic software updates, to secure a computer against threats and maintain its security. It also emphasizes the importance of performing regular backups to ensure that user data is available after an adverse event such as an attack against the computer, a hardware failure, or human error. The publication contains detailed step-by-step directions for securing Windows XP Home Edition computers that can be performed by experienced Windows XP Home Edition users.
Comments and questions may be addressed to email@example.com.
for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist
Special Publication 800-68
Special Publication 800-68 has been created to assist IT professionals, in particular Windows XP system administrators and information security personnel, in effectively securing Windows XP Professional SP2 systems. It discusses Windows XP and various application security settings in technical detail. The guide provides insight into the threats and security controls that are relevant for various operational environments, such as for a large enterprise or a home office. It describes the need to document, implement, and test security controls, as well as to monitor and maintain systems on an ongoing basis. It presents an overview of the security components offered by Windows XP and provides guidance on installing, backing up, and patching Windows XP systems. It discusses security policy configuration, provides an overview of the settings in the accompanying NIST security templates, and discusses how to apply additional security settings that are not included in the NIST security templates. It demonstrates securing popular office productivity applications, Web browsers, e-mail clients, personal firewalls, antivirus software, and spyware detection and removal utilities on Windows XP systems to provide protection against viruses, worms, Trojan horses, and other types of malicious code. This list is not intended to be a complete list of applications to install on a Windows XP system, nor does it imply NIST's endorsement of particular commercial off-the-shelf (COTS) products.
Comments and questions may be addressed to firstname.lastname@example.org.
Systems Administration Guidance for Windows 2000 Professional
Special Publication 800-43
The Systems Administration Guidance for Windows 2000 Professional publication is intended to assist the users and system administrators of Windows 2000 Professional systems in configuring their hosts by providing configuration templates and security checklists. The guide provides detailed information about the security features of Win2K Pro, security configuration guidelines for popular applications, and security configuration guidelines for the Win2K Pro operating system. The guide documents the methods that the system administrators can use to implement each security setting. The principal goal of the document is to recommend and explain tested secure settings for Win2K Pro workstations with the objective of simplifying the administrative burden of improving the security of Win2K Pro systems.
The document also includes recommendations for testing and configuring common Windows applications. The application types include electronic mail (e-mail) clients, Web browsers, productivity applications, and antivirus scanners. This list is not intended to be a complete list of applications to install on Windows 2000 Professional, nor does it imply NIST's endorsement of particular commercial off-the-shelf (COTS) products. Many of the configuration recommendations for the tested Windows applications focus on deterring viruses, worms, Trojan horses, and other types of malicious code. The guide presents recommendations to protect the Windows 2000 Professional system from malicious code when the tested applications are being used.
Comments and questions may be addressed to email@example.com.