National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

The United States Government Configuration Baseline (USGCB) - Windows XP Firewall Content

Warning Notice

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Microsoft to produce the Windows 7, Windows 7 Firewall, Internet Explorer 8 USGCB. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.


Download Packages

The following table provides the downloads for the Windows XP Firewall USGCB Content. VHDs are also available to use for testing. Additional information can be found in the FAQ.

Documentation GPOs SCAP Content CCE to 800-53 Mappings
  • USGCB Major Version 1.2.x.0 Settings
    Please refer to the top-level Microsoft Content Page for the listing of all USGCB settings and associated hash values.
  • USGCB Major Version 1.2.x.0 Known Issues
    Please refer to the top-level Microsoft Content Page for the listing of all known issues relating to USGCB content and associated hash values.
  • USGCB Windows XP Firewall GPOs - 2011.11.10
    sha1
    6E61F5389F7C973C2E3F88925998BB648263F8C2
    sha256
    7107B5BD39D35C67CBA40CB44260C7C9AF9F92A631169815A208A68E2666C042
  • SCAP 1.2 (Oval 5.10)

    Windows XP Firewall Content - 2012.11.28
    sha1
    A7F2691657714FED116A462FB0D2670219B8C595
    sha256
    747993F25FBB560C6F93D5136860B86C55F7CA013175BD2861B24F5B939BF303
  • SCAP 1.0 (Oval 5.4)

    Windows XP Firewall Content - 2012.05.21
    sha1
    989A20EEC0825A118C7216D8D1B5F318143AA990
    sha256
    0761B6F7B1BCAA7019535368964C97FEDB20ABC358837196AFED78134BC59144
  • SCAP 1.0 (Oval 5.3)

    Windows XP Firewall Content - 2012.05.21
    sha1
    7A31F5C0090539B49E1B1CBA69CFAC30017496AA
    sha256
    322699272F784B4E168893958A396EA59C3A513861229C5CE38540C83ABB3B33

Update History
Date Documentation GPOs SCAP Content CCE to 800-53 Mappings
November 28, 2012 No changes No changes SCAP 1.2 (Oval 5.10) content signature updated; no other change to content. No changes
May 21, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
April 23, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
March 22, 2012 No changes No changes Content bundle repackaged, no content changes. No changes
November 14, 2011 No changes No changes USGCB major version 2.0.x.0 SCAP content posted No changes
November 10, 2011 No changes USGCB GPOs posted No changes No changes
October 17, 2011 No changes No changes USGCB major version 2.0.x.0 SCAP content posted No changes
October 05, 2011 No changes No changes No changes National Checklist Program's Machine-readable CCE to 800-53 Mappings linked
September 21, 2011 USGCB major version 1.2.x.0 Settings and Known Issues posted No changes USGCB major version 2.0.x.0-Alpha-Candidate SCAP content posted No changes