National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

The United States Government Configuration Baseline (USGCB) - Microsoft Content

Warning Notice

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Microsoft to produce the Windows 7, Windows 7 Firewall, Internet Explorer 8 USGCB. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.


Bulk Download Packages

The following table provides the aggregate downloads of the USGCB content for all supported platforms including Windows 7, Windows 7 Firewall, Windows Vista, Windows Vista Firewall, Windows XP, Windows XP Firewall, Internet Explorer 8, and Internet Explorer 7.

Documentation GPOs SCAP Content CCE to 800-53 Mappings
  • USGCB Windows Settings - 2012.04.23
    sha1
    11368783D35285968456A518FCC6E2B1DECE64EF
    sha256
    C6874D79325305FB37F1969EECAC1DDE4BFF8915887D5B204B4D5AF394350453
  • USGCB Windows Known Issues - 2011.10.28
    sha1
    BA8EF7A9960C38F12C270EE3560C19F61CC0FA4B
    sha256
    E8486EFD63E2B80216DB3A5DCC61DABCDE018B273F2D5412807EFE96FB4AA293
  • USGCB GPOs - 2011.11.10
    sha1
    49BEDCBE6349778BF9899AC06639B4373533A755
    sha256
    DF896446743287A7F7F78C2990F2F2A1AC95E4CE3A8DF12F6609FF12963982B0
  • USGCB 2.0.x.0 Content for Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, and Internet Explorer 7 (Change Log) - 2012.04.23
    sha1
    F3C28D8FA7A21F38FE1D5299E62F84CF9C59917D
    sha256
    A2AF5AE35FBBD78DFE84098B759F7BFAF66CAAA4149117A9090FF96FA6A3B39D
  • USGCB 1.2.x.0 Content for Windows 7, Windows 7 Firewall, and Internet Explorer 8 (Change Log) - 2012.04.23
    sha1
    418418BEBE474DC1B8F4AD20551501779592BFCB
    sha256
    669E61004A5F08E48B3840B18A95AE7981A5A26B1325FB209C05FCF98C5CC25D
  • Please refer to the individual product content pages for the Machine-readable CCE to 800-53 Mappings.

Update History
Date Documentation GPOs SCAP Content CCE to 800-53 Mappings
April 23, 2012 USGCB Windows Settings posted. No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2012.
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2012.
SCAP 1.2 data streams now available for all supported platforms. 		No changes
March 22, 2012 No changes No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2012..
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for MArch, 2012. 		No changes
February 23, 2012 No changes No changes USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2012..
USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2012. 		No changes
February 10, 2012 USGCB Windows Settings posted No changes No changes No changes
January 23, 2011 No changes No changes USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted
USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted 		No changes
November 14, 2011 No changes No changes USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted
USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted 		No changes
November 10, 2011 No changes USGCB GPOs updated No changes No changes
October 27, 2011 USGCB Windows Settings and Known Issues posted No changes No changes No changes
October 26, 2011 No changes No changes USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted
USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted 		No changes
October 17, 2011 No changes No changes USGCB major version 2.0.x.0 SCAP content for IE7, Windows Vista, Windows Vista Firewall, Windows XP, and Windows XP Firewall posted
USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted 		No changes
September 21, 2011 USGCB major version 1.2.x.0 Settings and Known Issues posted No changes USGCB major version 2.0.x.0-Alpha-Candidate SCAP content for IE7, Windows Vista, Windows Vista Firewall, Windows XP, and Windows XP Firewall posted
USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted 		No changes
August 18, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
July 27, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
July 6, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
April 28, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
March 18, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
February 22, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
February 4, 2011 No changes USGCB major version 1.1.x.0 GPOs posted No changes No changes
January 31, 2011 USGCB major version 1.1.x.0 Settings and Known Issues posted No changes USGCB major version 1.1.x.0 SCAP content posted No changes
January 20, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
January 7, 2011 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
November 17, 2010 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 No changes
November 16, 2010 Typographical corrections to the USGCB Settings Spreadsheet, but there are no changes to setting values No changes No changes No changes
November 3, 2010 No changes Removed all Alpha and Beta instances in XML results files USGCB OVAL 5.3 & 5.4 patch content updated for Windows 7 No changes
October 27, 2010 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated No changes
October 20, 2010 No changes USGCB GPOs posted No changes No changes
September 30, 2010 No changes No changes USGCB OVAL 5.3 & 5.4 patch content updated No changes
September 24, 2010 USGCB major version 1.0.x.0 Settings Known Issues posted No changes USGCB major version 1.0.x.0 SCAP content posted CCE mapping updates reflected in USGCB Settings spreadsheet
August 31, 2010 USGCB Beta Settings and updated SCAP content issues posted USGCB Beta GPOs posted USGCB Beta SCAP content posted CCE mapping updates reflected in USGCB Beta Settings spreadsheet
August 20, 2010 No changes No changes Alpha USGCB OVAL 5.3 & 5.4 patch content updated No changes
August 9, 2010 No changes No changes Alpha USGCB OVAL 5.3 & 5.4 patch content updated No changes
August 4, 2010 Updated to reflect bug fixes made to SCAP content. No changes No changes No changes
August 3, 2010 No changes No changes Alpha USGCB OVAL 5.3 patch content updated No changes
July 20, 2010 No changes No changes Alpha USGCB OVAL 5.3 & 5.4 patch content updated No changes
June 16, 2010 No changes No changes Alpha USGCB OVAL 5.3 & 5.4 patch content updated No changes
May 28, 2010 Setting clarification provided, no settings have changed Minor bug-fixes implemented Minor SCAP bug-fixes implemented Non-machine readable mappings can be found in USGCB Alpha Settings. Please note that these non-machine readable mappings will be removed when the machine-readable mappings are available.
April 23, 2010 Alpha Content Released Alpha Content Released Alpha Content Released Alpha Content Released