U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-68 Rev. 1

Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist

Date Published: October 2008

Supersedes: SP 800-68 (10/20/2005)

Planning Note (8/1/2018): Withdrawn: This operating system is no longer supported.


Karen Scarfone (NIST), Murugiah Souppaya (NIST), Paul Johnson (BAH)



Windows security; Federal Desktop Core Configuration; host security; Windows XP security  
Control Families

Access Control; Audit and Accountability; Configuration Management; Identification and Authentication; Maintenance; System and Communications Protection; System and Information Integrity; System and Communications Protection


SP 800-68 Rev. 1 (DOI)
Local Download

Supplemental Material:
Security Templates R1.2.1 (zip)
NIST Windows Security Baseline Database Application v0.2.7 (zip)

Document History:
10/24/08: SP 800-68 Rev. 1


Security and Privacy
audit & accountability; maintenance

operating systems

Laws and Regulations
OMB Circular A-130