Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-68 Rev. 1

Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist

Date Published: October 2008

Supersedes: SP 800-68 (10/20/2005)

Planning Note (08/01/2018): Withdrawn: This operating system is no longer supported.


Karen Scarfone (NIST), Murugiah Souppaya (NIST), Paul Johnson (BAH)



Windows security; Federal Desktop Core Configuration; host security; Windows XP security  
Control Families

Access Control; Audit and Accountability; Configuration Management; Identification and Authentication; Maintenance; System and Communications Protection; System and Information Integrity


Download URL

Supplemental Material:
Security Templates R1.2.1 (zip)
NIST Windows Security Baseline Database Application v0.2.7 (zip)

Document History:
10/24/08: SP 800-68 Rev. 1 (Final)


Security and Privacy

audit & accountability, maintenance


operating systems

Laws and Regulations

OMB Circular A-130