NIST guides for securing Windows XP

The National Institute of Standards and Technology (NIST) has
released a revised version of guidelines for securing the Windows
XP operating system as part of a package of online tools available
to help administrators lock down computers running that operating

Special Publication 800-68 Revision 1, titled
“Guide to Securing Microsoft Windows XP Systems for IT
Professionals,” provides detailed information about the
security features of Windows XP along with configuration
guidelines. The revision updates the original version of the
document, released in 2005. It is supplemented by a beta version of the Windows Security Baseline
Database application, which gives security baseline settings for a
variety of Microsoft products specified in the Federal Desktop Core

“The database allows interested parties to view security
settings by baseline or by policy (e.g., FDCC), as well as to
compare baselines to each other,” NIST said.

The database application has been tested on the Windows XP
Professional and Vista operating systems.

SP 800-68 Revision 1 offers guidance in securing Windows XP
Professional systems running Service Pack 2 or 3, and provides
detailed information about the security features of that operating
system. The accompanying database contains security baseline
settings for Windows XP, Vista, Internet Explorer 7 and Windows
Firewall, which fall under the FDCC requirements.

Although the guidelines were developed in collaboration with
other agencies and with Microsoft, NIST warns that settings in the
guide should not be implemented without first being tested in a
non-operational environment, and that the recommendations are not a
substitute for a well-structured policy or sound judgment. They
also do not address site-specific configuration issues; NIST
advises that local operational and policy concerns must be
addressed when implementing guidelines.

The recommendations are specific to Windows XP Professional with
Service Pack 2 or 3, and are not appropriate for Windows 9X/ME,
Windows NT, Windows 2000, Windows Server 2003, Windows Vista or
Windows Server 2008.

NIST also has security templates, titled “Guide for
Securing Microsoft Windows XP Systems for IT Professionals,”
available for download. The templates have been tested on Windows
XP Professional SP2 systems. Also available is a selection of FDCC
packages for download, including documentation and Security Control
Automation Protocol content.

All of the guidance and tools are available from this single
download page.

About the Author

William Jackson is a Maryland-based freelance writer.
