National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

The United States Government Configuration Baseline (USGCB) - Windows 7 Firewall Content

Warning Notice

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Microsoft to produce the Windows 7, Windows 7 Firewall, Internet Explorer 8 USGCB. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.


Download Packages

The following table provides the downloads for the Windows 7 Firewall USGCB Content. VHDs are also available to use for testing. Additional information can be found in the FAQ.

Documentation GPOs SCAP Content CCE to 800-53 Mappings
  • USGCB Major Version 1.2.x.0 Settings
    Please refer to the top-level Microsoft Content Page for the listing of all USGCB settings and associated hash values.
  • USGCB Major Version 1.2.x.0 Known Issues
    Please refer to the top-level Microsoft Content Page for the listing of all known issues relating to USGCB content and associated hash values.
  • USGCB Windows 7 Firewall GPOs - 2011.11.10
    sha1
    7AC3038A3183398CBB7F22D3C5DE11251D88683F
    sha256
    0937E614240040382CC1223EFDF359C13D386C4692AC615A5CAE72429ED0E5CD

  • SCAP 1.2 (Oval 5.10)

    Windows 7 Firewall Content - 2012.11.28
    sha1
    73207BFF397D96007E20239E2B3EDAA25D2D42E6
    sha256
    45DA041A25C7C577F46CCD78767E41C6E49CED4993982FEAF36C09197664F48C

  • SCAP 1.0 (Oval 5.4)

    Windows 7 Firewall Content - 2012.05.21
    sha1
    7120E5A095DCBFAB69AC08901C066FBD4FDA8E0E
    sha256
    D94E5E483ADD28A2B16E017CF66AB3A13F56D33BC3A894DC0CB9E9B8A91A4B6E

  • SCAP 1.0 (Oval 5.3)

    Windows 7 Firewall Content - 2012.05.21
    sha1
    FF21B43E552C676FA03942DCF4369FB8E0A7A0D8
    sha256
    02CC3B625A02111CCDE5C2C1CF6A926F71C8AC8306B72BD83239382E93331A60

Update History
Date Documentation GPOs SCAP Content CCE to 800-53 Mappings
November 28, 2012 No changes No changes SCAP 1.2 (Oval 5.10) content signature updated; no other change to content.. No changes
May 21, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
April 23, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
March 22, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
November 14, 2011 No changes No changes USGCB major version 1.2.x.0 SCAP content posted No changes
November 10, 2011 No changes USGCB GPOs posted No changes No changes
October 26, 2011 No changes No changes USGCB major version 1.2.x.0 SCAP content posted No changes
October 17, 2011 No changes No changes USGCB major version 1.2.x.0 SCAP content posted No changes
October 04, 2011 No changes No changes No changes National Checklist Program's Machine-readable CCE to 800-53 Mappings linked
September 21, 2011 USGCB major version 1.2.x.0 Settings and Known Issues posted No changes USGCB major version 1.2.x.0 SCAP content posted No changes
February 04, 2011 No changes USGCB major version 1.1.x.0 GPOs posted No changes No changes
January 31, 2011 USGCB major version 1.1.x.0 Settings and Known Issues posted No changes USGCB major version 1.1.x.0 SCAP content posted No changes
October 20, 2010 No changes USGCB GPOs posted No changes No changes
September 24, 2010 USGCB major version 1.0.x.0 Settings Known Issues posted No changes USGCB major version 1.0.x.0 SCAP content posted CCE mapping updates reflected in USGCB Settings spreadsheet
August 31, 2010 USGCB Beta Settings and updated SCAP content issues posted USGCB Beta GPOs posted USGCB Beta SCAP content posted CCE mapping updates reflected in USGCB Beta Settings spreadsheet
August 03, 2010 No changes No changes Alpha USGCB OVAL 5.3 patch content updated No changes
May 28, 2010 Setting clarification provided, no settings have changed Minor bug-fixes implemented Minor SCAP bug-fixes implemented Non-machine readable mappings can be found in USGCB Alpha Settings. Please note that these non-machine readable mappings will be removed when the machine-readable mappings are available.
April 23, 2010 Alpha Content Released Alpha Content Released Alpha Content Released Alpha Content Released