National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

The United States Government Configuration Baseline (USGCB) - Microsoft Content

Warning Notice

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Microsoft to produce the Windows 7, Windows 7 Firewall, Internet Explorer 8 USGCB. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.


Bulk Download Packages

The following table provides the aggregate downloads of the USGCB content for all supported platforms including Windows 7, Windows 7 Firewall, Windows Vista, Windows Vista Firewall, Windows XP, Windows XP Firewall, Internet Explorer 8, and Internet Explorer 7.

Documentation GPOs SCAP Content CCE to 800-53 Mappings
  • USGCB Windows Settings - 2012.05.15
    sha1
    E17A5C7A70B025A1220AD3E73F62659B8C76DEE6
    sha256
    E7C412B282054AE094223437810344433A7B6B800A66796A59194B5AEE4178CB
  • USGCB Windows Known Issues - 2011.10.28
    sha1
    BA8EF7A9960C38F12C270EE3560C19F61CC0FA4B
    sha256
    E8486EFD63E2B80216DB3A5DCC61DABCDE018B273F2D5412807EFE96FB4AA293
  • USGCB GPOs - 2011.11.10
    sha1
    49BEDCBE6349778BF9899AC06639B4373533A755
    sha256
    DF896446743287A7F7F78C2990F2F2A1AC95E4CE3A8DF12F6609FF12963982B0
  • USGCB 2.0.x.0 Content for Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, and Internet Explorer 7 (Change Log) - 2013.04.29
    sha1
    3A6CF910C4F0DD11046A58E260316C6D19751AF4
    sha256
    7396E8A778CA4D24478DA0A75DD95ACA672798549765469A915CC41F7F8E8BC5
  • USGCB 1.2.x.0 Content for Windows 7, Windows 7 Firewall, and Internet Explorer 8 (Change Log) - 2013.04.29
    sha1
    63C5C667B13FBD5200488953BF44F59104052B13
    sha256
    E512864F8DB1114A395FE8D2233890E851C6EFFDA1CAFD6F1F67E0D7F7C50522
  • Please refer to the individual product content pages for the Machine-readable CCE to 800-53 Mappings.

Update History
Date Documentation GPOs SCAP Content CCE to 800-53 Mappings
April 29, 2013 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2013.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2013.
No changes
March 21, 2013 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2013.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2013.
No changes
February 25, 2013 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2013.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2013.
No changes
January 22, 2013 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for January, 2013.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for January, 2013.
No changes
December 28, 2012 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for December, 2012.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for December, 2012.
No changes
December 05, 2012 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for November, 2012.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for November, 2012.
No changes
November 28, 2012 Repackaged, no content changes. No changes SCAP 1.2 (Oval 5.10) content signature updated; no other change to content. No changes
October 31, 2012 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for October, 2012.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for October, 2012.
No changes
August 17, 2012 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for August, 2012.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for August, 2012.
No changes
July 30, 2012 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for July, 2012.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for July, 2012.
No changes
June 15, 2012 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for June, 2012.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for June, 2012.
No changes
May 21, 2012 Repackaged, no content changes. No changes USGCB major version 2.0.x.0 SCAP content posted. SCAP 1.2 (Oval 5.10) content signature updated; no change to content No changes
April 23, 2012 USGCB Windows Settings posted. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2012.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2012.
SCAP 1.2 data streams now available for all supported platforms.
No changes
March 22, 2012 No changes No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2012.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2012.
No changes
February 23, 2012 No changes No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2012.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2012.
No changes
February 10, 2012 USGCB Windows Settings posted No changes No changes No changes
January 23, 2011 No changes No changes USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted
USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted
No changes
November 14, 2011 No changes No changes USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted
USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted
No changes
November 10, 2011 No changes USGCB GPOs updated No changes No changes
October 27, 2011 USGCB Windows Settings and Known Issues posted No changes No changes No changes
October 26, 2011 No changes No changes USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted
USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted
No changes
October 17, 2011 No changes No changes USGCB major version 2.0.x.0 SCAP content for IE7, Windows Vista, Windows Vista Firewall, Windows XP, and Windows XP Firewall posted
USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted
No changes
September 21, 2011 USGCB major version 1.2.x.0 Settings and Known Issues posted No changes USGCB major version 2.0.x.0-Alpha-Candidate SCAP content for IE7, Windows Vista, Windows Vista Firewall, Windows XP, and Windows XP Firewall posted
USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted
No changes
August 18, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
July 27, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
July 06, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
April 28, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
March 18, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
February 22, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
February 04, 2011 No changes USGCB major version 1.1.x.0 GPOs posted No changes No changes
January 31, 2011 USGCB major version 1.1.x.0 Settings and Known Issues posted No changes USGCB major version 1.1.x.0 SCAP content posted No changes
January 20, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
January 07, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
November 17, 2010 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
November 16, 2010 Typographical corrections to the USGCB Settings Spreadsheet, but there are no changes to setting values No changes No changes No changes
November 03, 2010 No changes Removed all Alpha and Beta instances in XML results files USGCB OVAL 5.3 & 5.4 patch content updated for Windows 7 No changes
October 27, 2010 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated No changes
October 20, 2010 No changes USGCB GPOs posted No changes No changes
September 30, 2010 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated No changes
September 24, 2010 USGCB major version 1.0.x.0 Settings Known Issues posted No changes USGCB major version 1.0.x.0 SCAP content posted CCE mapping updates reflected in USGCB Settings spreadsheet
August 31, 2010 USGCB Beta Settings and updated SCAP content issues posted USGCB Beta GPOs posted USGCB Beta SCAP content posted CCE mapping updates reflected in USGCB Beta Settings spreadsheet
August 20, 2010 No changes No changes Alpha USGCB OVAL 5.3 & 5.4 patch content updated No changes
August 09, 2010 No changes No changes Alpha USGCB OVAL 5.3 & 5.4 patch content updated No changes
August 04, 2010 Updated to reflect bug fixes made to SCAP content. No changes No changes No changes
August 03, 2010 No changes No changes Alpha USGCB OVAL 5.3 patch content updated No changes
July 20, 2010 No changes No changes Alpha USGCB OVAL 5.3 & 5.4 patch content updated No changes
June 16, 2010 No changes No changes Alpha USGCB OVAL 5.3 & 5.4 patch content updated No changes
May 28, 2010 Setting clarification provided, no settings have changed Minor bug-fixes implemented Minor SCAP bug-fixes implemented Non-machine readable mappings can be found in USGCB Alpha Settings. Please note that these non-machine readable mappings will be removed when the machine-readable mappings are available.
April 23, 2010 Alpha Content Released Alpha Content Released Alpha Content Released Alpha Content Released