The United States Government Configuration Baseline (USGCB) - Microsoft Content
Warning Notice
Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.
The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.
These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Microsoft to produce the Windows 7, Windows 7 Firewall, Internet Explorer 8 USGCB. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.
Bulk Download Packages
The following table provides the aggregate downloads of the USGCB content for all supported platforms including Windows 7, Windows 7 Firewall, Windows Vista, Windows Vista Firewall, Windows XP, Windows XP Firewall, Internet Explorer 8, and Internet Explorer 7.
| Documentation | GPOs | SCAP Content | CCE to 800-53 Mappings |
|
|
|
|
Update History
| Date | Documentation | GPOs | SCAP Content | CCE to 800-53 Mappings |
| April 29, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2013. |
No changes |
| March 21, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2013. |
No changes |
| February 25, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2013. |
No changes |
| January 22, 2013 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for January, 2013. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for January, 2013. |
No changes |
| December 28, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for December, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for December, 2012. |
No changes |
| December 05, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for November, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for November, 2012. |
No changes |
| November 28, 2012 | Repackaged, no content changes. | No changes | SCAP 1.2 (Oval 5.10) content signature updated; no other change to content. | No changes |
| October 31, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for October, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for October, 2012. |
No changes |
| August 17, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for August, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for August, 2012. |
No changes |
| July 30, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for July, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for July, 2012. |
No changes |
| June 15, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for June, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for June, 2012. |
No changes |
| May 21, 2012 | Repackaged, no content changes. | No changes | USGCB major version 2.0.x.0 SCAP content posted. SCAP 1.2 (Oval 5.10) content signature updated; no change to content | No changes |
| April 23, 2012 | USGCB Windows Settings posted. | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for April, 2012. SCAP 1.2 data streams now available for all supported platforms. |
No changes |
| March 22, 2012 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for March, 2012. |
No changes |
| February 23, 2012 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2012. USGCB major version 1.2.x.0 SCAP content posted, which includes new OVAL definitions for verifying the presence of Microsoft's updates for February, 2012. |
No changes |
| February 10, 2012 | USGCB Windows Settings posted | No changes | No changes | No changes |
| January 23, 2011 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted |
No changes |
| November 14, 2011 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted |
No changes |
| November 10, 2011 | No changes | USGCB GPOs updated | No changes | No changes |
| October 27, 2011 | USGCB Windows Settings and Known Issues posted | No changes | No changes | No changes |
| October 26, 2011 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content for IE7 and Windows XP posted USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted |
No changes |
| October 17, 2011 | No changes | No changes | USGCB major version 2.0.x.0 SCAP content for IE7, Windows Vista, Windows Vista Firewall, Windows XP, and Windows XP Firewall posted USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted |
No changes |
| September 21, 2011 | USGCB major version 1.2.x.0 Settings and Known Issues posted | No changes | USGCB major version 2.0.x.0-Alpha-Candidate SCAP content for IE7, Windows Vista, Windows Vista Firewall, Windows XP, and Windows XP Firewall posted USGCB major version 1.2.x.0 SCAP content for IE8, Windows 7, and Windows 7 Firewall posted |
No changes |
| August 18, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| July 27, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| July 06, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| April 28, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| March 18, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| February 22, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| February 04, 2011 | No changes | USGCB major version 1.1.x.0 GPOs posted | No changes | No changes |
| January 31, 2011 | USGCB major version 1.1.x.0 Settings and Known Issues posted | No changes | USGCB major version 1.1.x.0 SCAP content posted | No changes |
| January 20, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| January 07, 2011 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| November 17, 2010 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated for IE8 and Windows 7 | No changes |
| November 16, 2010 | Typographical corrections to the USGCB Settings Spreadsheet, but there are no changes to setting values | No changes | No changes | No changes |
| November 03, 2010 | No changes | Removed all Alpha and Beta instances in XML results files | USGCB OVAL 5.3 & 5.4 patch content updated for Windows 7 | No changes |
| October 27, 2010 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| October 20, 2010 | No changes | USGCB GPOs posted | No changes | No changes |
| September 30, 2010 | No changes | No changes | USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| September 24, 2010 | USGCB major version 1.0.x.0 Settings Known Issues posted | No changes | USGCB major version 1.0.x.0 SCAP content posted | CCE mapping updates reflected in USGCB Settings spreadsheet |
| August 31, 2010 | USGCB Beta Settings and updated SCAP content issues posted | USGCB Beta GPOs posted | USGCB Beta SCAP content posted | CCE mapping updates reflected in USGCB Beta Settings spreadsheet |
| August 20, 2010 | No changes | No changes | Alpha USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| August 09, 2010 | No changes | No changes | Alpha USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| August 04, 2010 | Updated to reflect bug fixes made to SCAP content. | No changes | No changes | No changes |
| August 03, 2010 | No changes | No changes | Alpha USGCB OVAL 5.3 patch content updated | No changes |
| July 20, 2010 | No changes | No changes | Alpha USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| June 16, 2010 | No changes | No changes | Alpha USGCB OVAL 5.3 & 5.4 patch content updated | No changes |
| May 28, 2010 | Setting clarification provided, no settings have changed | Minor bug-fixes implemented | Minor SCAP bug-fixes implemented | Non-machine readable mappings can be found in USGCB Alpha Settings. Please note that these non-machine readable mappings will be removed when the machine-readable mappings are available. |
| April 23, 2010 | Alpha Content Released | Alpha Content Released | Alpha Content Released | Alpha Content Released |