The United States Government Configuration Baseline (USGCB) - Windows XP Firewall Content

Warning Notice

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Microsoft to produce the Windows 7, Windows 7 Firewall, Internet Explorer 8 USGCB. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.

Download Packages

The following table provides the downloads for the Windows XP Firewall USGCB Content. VHDs are also available to use for testing. Additional information can be found in the FAQ.

Documentation	GPOs	SCAP Content	CCE to 800-53 Mappings
USGCB Major Version 1.2.x.0 Settings Please refer to the top-level Microsoft Content Page for the listing of all USGCB settings and associated hash values. USGCB Major Version 1.2.x.0 Known Issues Please refer to the top-level Microsoft Content Page for the listing of all known issues relating to USGCB content and associated hash values.	USGCB Windows XP Firewall GPOs - 2011.11.10 sha1 6E61F5389F7C973C2E3F88925998BB648263F8C2 sha256 7107B5BD39D35C67CBA40CB44260C7C9AF9F92A631169815A208A68E2666C042	SCAP 1.2 (Oval 5.10) Windows XP Firewall Content - 2012.11.28 sha1 391143D957A2EFD627F3589D84351592A6116245 sha256 B34450B4DF70097B5225E7C74BDC11EFC1651F11A7E09AE77FF2F9A981CDA73C SCAP 1.0 (Oval 5.4) Windows XP Firewall Content - 2012.05.21 sha1 95668C3D2394AE890B6DD9B099EFC331C399E849 sha256 686F69AD4AE7A472664476E2C08AAFCFE835EDE8670F2259C53683F2C62D56F7 SCAP 1.0 (Oval 5.3) Windows XP Firewall Content - 2012.05.21 sha1 D9BA319727E0D484C2C3335DCA215B6911364874 sha256 66E0D581A3CE6EC198D2BBE497A1712371B91B29DF04D578B850833FEF54338F	Machine-readable CCE to 800-53 Mappings

Update History

Date	Documentation	GPOs	SCAP Content	CCE to 800-53 Mappings
November 28, 2012	No changes	No changes	SCAP 1.2 (Oval 5.10) content signature updated; no other change to content.	No changes
May 21, 2012	No changes	No changes	Content bundle repackaged, no content changes.	No changes
April 23, 2012	No changes	No changes	Content bundle repackaged, no content changes.	No changes
March 22, 2012	No changes	No changes	Content bundle repackaged, no content changes.	No changes
November 14, 2011	No changes	No changes	USGCB major version 2.0.x.0 SCAP content posted	No changes
November 10, 2011	No changes	USGCB GPOs posted	No changes	No changes
October 17, 2011	No changes	No changes	USGCB major version 2.0.x.0 SCAP content posted	No changes
October 05, 2011	No changes	No changes	No changes	National Checklist Program's Machine-readable CCE to 800-53 Mappings linked
September 21, 2011	USGCB major version 1.2.x.0 Settings and Known Issues posted	No changes	USGCB major version 2.0.x.0-Alpha-Candidate SCAP content posted	No changes