National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

The United States Government Configuration Baseline (USGCB) - Windows 7 Firewall Content

Warning Notice

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Microsoft to produce the Windows 7, Windows 7 Firewall, Internet Explorer 8 USGCB. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.


Download Packages

The following table provides the downloads for the Windows 7 Firewall USGCB Content. VHDs are also available to use for testing. Additional information can be found in the FAQ.

Documentation GPOs SCAP Content CCE to 800-53 Mappings
  • USGCB Major Version 1.2.x.0 Settings
    Please refer to the top-level Microsoft Content Page for the listing of all USGCB settings and associated hash values.
  • USGCB Major Version 1.2.x.0 Known Issues
    Please refer to the top-level Microsoft Content Page for the listing of all known issues relating to USGCB content and associated hash values.
  • USGCB Windows 7 Firewall GPOs - 2011.11.10
    sha1
    7AC3038A3183398CBB7F22D3C5DE11251D88683F
    sha256
    0937E614240040382CC1223EFDF359C13D386C4692AC615A5CAE72429ED0E5CD
  • SCAP 1.2 (Oval 5.10)

    Windows 7 Firewall Content - 2012.11.28
    sha1
    C694B624522053387AE277DA4094FA098866E8FA
    sha256
    4AFCDE8CE854EBCCED3BEE9BFE2C63AB43E8FA60B0B65FDE13174FEB1078543F
  • SCAP 1.0 (Oval 5.4)

    Windows 7 Firewall Content - 2012.05.21
    sha1
    D900A70A866A4D3D9C46803BA56BB807587537FD
    sha256
    149EE38B51A3976A1C917996E6F160192EB81E02F937A92ED767E7037CFBD6E6
  • SCAP 1.0 (Oval 5.3)

    Windows 7 Firewall Content - 2012.05.21
    sha1
    27F9198684EE655EEDA498A680E30A3AFBE0329C
    sha256
    3F77206CC0934E2C323568D5488F66B052BC67ACD91A7B56531D22660B89ED26

Update History
Date Documentation GPOs SCAP Content CCE to 800-53 Mappings
November 28, 2012 No changes No changes SCAP 1.2 (Oval 5.10) content signature updated; no other change to content.. No changes
May 21, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
April 23, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
March 22, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
November 14, 2011 No changes No changes USGCB major version 1.2.x.0 SCAP content posted No changes
November 10, 2011 No changes USGCB GPOs posted No changes No changes
October 26, 2011 No changes No changes USGCB major version 1.2.x.0 SCAP content posted No changes
October 17, 2011 No changes No changes USGCB major version 1.2.x.0 SCAP content posted No changes
October 04, 2011 No changes No changes No changes National Checklist Program's Machine-readable CCE to 800-53 Mappings linked
September 21, 2011 USGCB major version 1.2.x.0 Settings and Known Issues posted No changes USGCB major version 1.2.x.0 SCAP content posted No changes
February 04, 2011 No changes USGCB major version 1.1.x.0 GPOs posted No changes No changes
January 31, 2011 USGCB major version 1.1.x.0 Settings and Known Issues posted No changes USGCB major version 1.1.x.0 SCAP content posted No changes
October 20, 2010 No changes USGCB GPOs posted No changes No changes
September 24, 2010 USGCB major version 1.0.x.0 Settings Known Issues posted No changes USGCB major version 1.0.x.0 SCAP content posted CCE mapping updates reflected in USGCB Settings spreadsheet
August 31, 2010 USGCB Beta Settings and updated SCAP content issues posted USGCB Beta GPOs posted USGCB Beta SCAP content posted CCE mapping updates reflected in USGCB Beta Settings spreadsheet
August 03, 2010 No changes No changes Alpha USGCB OVAL 5.3 patch content updated No changes
May 28, 2010 Setting clarification provided, no settings have changed Minor bug-fixes implemented Minor SCAP bug-fixes implemented Non-machine readable mappings can be found in USGCB Alpha Settings. Please note that these non-machine readable mappings will be removed when the machine-readable mappings are available.
April 23, 2010 Alpha Content Released Alpha Content Released Alpha Content Released Alpha Content Released