National Institute of Standards and Technology (NIST) - Information Technology Laboratory (ITL)

The United States Government Configuration Baseline (USGCB) - Microsoft Content

Warning Notice

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows-based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows-based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Microsoft to produce the Windows 7, Windows 7 Firewall, and Internet Explorer 8 USGCB. Pursuant to Title 17, Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.


Bulk Download Packages

The following table provides the aggregate downloads of the USGCB content for all supported platforms including Windows 7, Windows 7 Firewall, Windows Vista, Windows Vista Firewall, Windows XP, Windows XP Firewall, Internet Explorer 8, and Internet Explorer 7.

Documentation
  • USGCB Windows Settings - 2012.05.15
    sha1: E17A5C7A70B025A1220AD3E73F62659B8C76DEE6
    sha256: E7C412B282054AE094223437810344433A7B6B800A66796A59194B5AEE4178CB
  • USGCB Windows Known Issues - 2011.10.28
    sha1: BA8EF7A9960C38F12C270EE3560C19F61CC0FA4B
    sha256: E8486EFD63E2B80216DB3A5DCC61DABCDE018B273F2D5412807EFE96FB4AA293

GPOs
  • USGCB GPOs - 2011.11.10
    sha1: 49BEDCBE6349778BF9899AC06639B4373533A755
    sha256: DF896446743287A7F7F78C2990F2F2A1AC95E4CE3A8DF12F6609FF12963982B0

SCAP Content
  • USGCB 2.0.x.0 Content for Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, and Internet Explorer 7 (Change Log) - 2013.12.17
    sha1: 89938C42ECF49343D18E524DDB7234DE1B34EF7D
    sha256: 5F6EE92533E941F9222F3CD2CEE1523996C8136931359E0D7D919C32C7E00C0A
  • USGCB 1.2.x.0 Content for Windows 7, Windows 7 Firewall, and Internet Explorer 8 (Change Log) - 2013.12.17
    sha1: B7613767849C1DC1D4DC3E4C5603E6730DD66095
    sha256: 4984ACC444FD7F95ED0448AAECB4249E162D9641095BA690B6682E14FFCE4465
  • Supplemental USGCB SCAP 1.0 Content for Windows XP (Change Log) - 2013.12.17
    Addresses a directory server performance issue that has been identified with the Tier IV USGCB Content. The supplemental content uses an alternate method for checking the file effective rights in the USGCB content that avoids the performance issue. Although this supplemental content is classified as Tier III as defined by SP 800-70 Rev2, it is equivalent to its peer content streams in addressing the considerations of FDCC and USGCB.
    sha1: 9E3C3B4C1663A297FA75998C51AA9C8B33E8A55D
    sha256: AEF3CDC63149F9871C0D7D69BC3BB69CE8FA90195075FB5DB3AD8F48AC389D27

CCE to 800-53 Mappings
  • Please refer to the individual product content pages for the Machine-readable CCE to 800-53 Mappings.

Update History
| Date | Documentation | GPOs | SCAP Content | CCE to 800-53 Mappings |
| --- | --- | --- | --- | --- |
| December 17, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for December, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for December, 2013. | No changes |
| November 19, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for November, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for November, 2013. | No changes |
| October 22, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for October, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for October, 2013. | No changes |
| September 20, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for September, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for September, 2013. | No changes |
| August 30, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for August, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for August, 2013. | No changes |
| August 09, 2013 | Repackaged, no content changes. | No changes | Supplemental USGCB SCAP 1.0 Windows Content posted. | No changes |
| July 31, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for July, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for July, 2013. | No changes |
| June 25, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for June, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for June, 2013. | No changes |
| May 29, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for May, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for May, 2013. | No changes |
| April 29, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2013. | No changes |
| March 21, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2013. | No changes |
| February 25, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2013. | No changes |
| January 22, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for January, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for January, 2013. | No changes |
| December 28, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for December, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for December, 2012. | No changes |
| December 05, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for November, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for November, 2012. | No changes |
| November 28, 2012 | Repackaged, no content changes. | No changes | SCAP 1.2 (Oval 5.10) content signature updated; no other change to content. | No changes |
| October 31, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for October, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for October, 2012. | No changes |
| August 17, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for August, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for August, 2012. | No changes |
| July 30, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for July, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for July, 2012. | No changes |
| June 15, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for June, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for June, 2012. | No changes |
| May 21, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted. SCAP 1.2 (Oval 5.10) content signature updated; no change to content | No changes |
| April 23, 2012 | USGCB Windows Settings posted. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2012. SCAP 1.2 data streams now available for all supported platforms. | No changes |
| March 22, 2012 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2012. | No changes |
| February 23, 2012 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2012. | No changes |
| February 10, 2012 | USGCB Windows Settings posted | No changes | No changes | No changes |
| January 23, 2011 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted; USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted | No changes |
| November 14, 2011 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted; USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted | No changes |
| November 10, 2011 | No changes | USGCB GPOs updated | No changes | No changes |
| October 27, 2011 | USGCB Windows Settings and Known Issues posted | No changes | No changes | No changes |
| October 26, 2011 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted; USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted | No changes |
| October 17, 2011 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content for IE7, Windows Vista, Windows Vista Firewall, Windows XP, and Windows XP Firewall posted; USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted | No changes |
| September 21, 2011 | USGCB major version 1.2.x.0 Settings and Known Issues posted | No changes | USGCB major version 2.0.x.0-Alpha-Candidate SCAP content for IE7, Windows Vista, Windows Vista Firewall, Windows XP, and Windows XP Firewall posted; USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted | No changes |
| August 18, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| July 27, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| July 06, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| April 28, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| March 18, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| February 22, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| February 04, 2011 | No changes | USGCB major version 1.1.x.0 GPOs posted | No changes | No changes |
| January 31, 2011 | USGCB major version 1.1.x.0 Settings and Known Issues posted | No changes | USGCB major version 1.1.x.0 SCAP content posted | No changes |
| January 20, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| January 07, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| November 17, 2010 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| November 16, 2010 | Typographical corrections to the USGCB Settings Spreadsheet, but there are no changes to setting values | No changes | No changes | No changes |
| November 03, 2010 | No changes | Removed all Alpha and Beta instances in XML results files | USGCB OVAL 5.3 & 5.4 patch content updated for Windows 7 | No changes |
| October 27, 2010 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| October 20, 2010 | No changes | USGCB GPOs posted | No changes | No changes |
| September 30, 2010 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| September 24, 2010 | USGCB major version 1.0.x.0 Settings Known Issues posted | No changes | USGCB major version 1.0.x.0 SCAP content posted | CCE mapping updates reflected in USGCB Settings spreadsheet |
| August 31, 2010 | USGCB Beta Settings and updated SCAP content issues posted | USGCB Beta GPOs posted | USGCB Beta SCAP content posted | CCE mapping updates reflected in USGCB Beta Settings spreadsheet |
| August 20, 2010 | No changes | No changes | Alpha USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| August 09, 2010 | No changes | No changes | Alpha USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| August 04, 2010 | Updated to reflect bug fixes made to SCAP content. | No changes | No changes | No changes |
| August 03, 2010 | No changes | No changes | Alpha USGCB OVAL 5.3 patch content updated | No changes |
| July 20, 2010 | No changes | No changes | Alpha USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| June 16, 2010 | No changes | No changes | Alpha USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| May 28, 2010 | Setting clarification provided, no settings have changed | Minor bug-fixes implemented | Minor SCAP bug-fixes implemented | Non-machine readable mappings can be found in USGCB Alpha Settings. Please note that these non-machine readable mappings will be removed when the machine-readable mappings are available. |
| April 23, 2010 | Alpha Content Released | Alpha Content Released | Alpha Content Released | Alpha Content Released |