National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

The United States Government Configuration Baseline (USGCB) - Windows 7 Firewall Content

Warning Notice

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Microsoft to produce the Windows 7, Windows 7 Firewall, Internet Explorer 8 USGCB. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.


Download Packages

The following table provides the downloads for the Windows 7 Firewall USGCB Content. VHDs are also available to use for testing. Additional information can be found in the FAQ.

Documentation GPOs SCAP Content CCE to 800-53 Mappings
  • USGCB Major Version 1.3.x.1 Settings
    Please refer to the top-level Microsoft Content Page for the listing of all USGCB settings and associated hash values.
  • USGCB Major Version 1.3.x.1 Known Issues
    Please refer to the top-level Microsoft Content Page for the listing of all known issues relating to USGCB content and associated hash values.
  • USGCB Windows 7 Firewall GPOs - 2011.11.10
    sha1
    7AC3038A3183398CBB7F22D3C5DE11251D88683F
    sha256
    0937E614240040382CC1223EFDF359C13D386C4692AC615A5CAE72429ED0E5CD
  • USGCB SCAP 1.2

    Windows 7 Firewall Content - 2015.04.20
    sha1
    E20D5E47E97F75CD6D914890F27CD5C2D47BC63C
    sha256
    1610D078E7B368B450E1D5D15FE849A04F1C62CC206ACD4127022E5AD4D2E857

Update History
Date Documentation GPOs SCAP Content CCE to 800-53 Mappings
April 20, 2015 No changes No changes USGCB minor version 1.3.0.1 Final Release SCAP 1.2 content posted. No changes
February 25, 2015 No changes No changes USGCB minor version 1.3.0.1 Release Candidate SCAP 1.2 content posted. No changes
February 25, 2015 No changes No changes Removed SCAP 1.0 USGCB content. No changes
November 28, 2012 No changes No changes SCAP 1.2 (Oval 5.10) content signature updated; no other change to content.. No changes
May 21, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
April 23, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
March 22, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
November 14, 2011 No changes No changes USGCB major version 1.2.x.0 SCAP content posted No changes
November 10, 2011 No changes USGCB GPOs posted No changes No changes
October 26, 2011 No changes No changes USGCB major version 1.2.x.0 SCAP content posted No changes
October 17, 2011 No changes No changes USGCB major version 1.2.x.0 SCAP content posted No changes
October 04, 2011 No changes No changes No changes National Checklist Program's Machine-readable CCE to 800-53 Mappings linked
September 21, 2011 USGCB major version 1.2.x.0 Settings and Known Issues posted No changes USGCB major version 1.2.x.0 SCAP content posted No changes
February 04, 2011 No changes USGCB major version 1.1.x.0 GPOs posted No changes No changes
January 31, 2011 USGCB major version 1.1.x.0 Settings and Known Issues posted No changes USGCB major version 1.1.x.0 SCAP content posted No changes
October 20, 2010 No changes USGCB GPOs posted No changes No changes
September 24, 2010 USGCB major version 1.0.x.0 Settings Known Issues posted No changes USGCB major version 1.0.x.0 SCAP content posted CCE mapping updates reflected in USGCB Settings spreadsheet
August 31, 2010 USGCB Beta Settings and updated SCAP content issues posted USGCB Beta GPOs posted USGCB Beta SCAP content posted CCE mapping updates reflected in USGCB Beta Settings spreadsheet
August 03, 2010 No changes No changes Alpha USGCB OVAL 5.3 patch content updated No changes
May 28, 2010 Setting clarification provided, no settings have changed Minor bug-fixes implemented Minor SCAP bug-fixes implemented Non-machine readable mappings can be found in USGCB Alpha Settings. Please note that these non-machine readable mappings will be removed when the machine-readable mappings are available.
April 23, 2010 Alpha Content Released Alpha Content Released Alpha Content Released Alpha Content Released