F D C C

Vulnerabilities

Product Dictionary

SCAP Validated Tools

Vendor Comments

FDCC

Home

Disclaimer

Contact

NIST Resources

Other Resources

Federal Desktop Core Configuration
FDCC

- DOWNLOAD PAGE -

WARNING NOTICE

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows XP Professional SP2, Windows XP Professional SP3, and Windows Vista SP1 systems. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with OMB, DHS, DISA, NSA, USAF, and Microsoft to produce the Windows XP and Vista FDCC baseline. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.

Download Packages

2009.11.20

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.11.03

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.10.19

2009 Q4 VHDs Released. No settings have changed in this release.

2009.09.16

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.08.21

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.08.06

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.07.21

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.06.30

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.04.17

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.04.08

FDCC Major Version 1.2.x.0 SCAP Content released.

The FDCC settings have not changed. The update includes a number of corrections in the SCAP content. A detailed listing of the changes is available. This release also includes updated FDCC settings documentation, as well as the 2009 Q1 VHDs and GPOs.

2009.02.28

FDCC OVAL 5.3 & 5.4 patch content updated.

2008.12.03

FDCC OVAL 5.3 & 5.4 patch content updated.

2008.10.31

FDCC Major Version 1.1 SCAP Content released.

The FDCC settings have not changed. The update includes a number of corrections in the SCAP content, as well as full support for OVAL 5.3 & 5.4. A detailed listing of the changes is available.

2008.10.30

2008 Q4 VHDs Released. No settings have changed in this release. The FDCC VHDs expire after 90 days and must be re-released.

2008.06.20

The updated Federal Desktop Core Configuration settings released on 20 June 2008 constitute Major Version 1.0 of FDCC. Relative to the previous version of FDCC, 40 settings have changed. Changes were derived from public comment during the April and May 2008 public comment periods, analysis of the 31 March 2008 Agency FDCC reports, and subject matter expertise.

FDCC Major Version 1.0 is based on Microsoft Windows XP Service Pack (SP) 2 and Microsoft Windows Vista SP 1. Although SCAP content has been engineered so that it will also operate on Windows XP SP3, near-term Windows XP patch checking will be oriented toward Windows XP SP2.

To coincide with the release of FDCC Major Version 1.0, new SCAP Content has also been made available. This SCAP Content is inclusive of the 40 FDCC settings changes. At this time, FDCC is comprised of 674 settings, 670 of which (99.4%) can be checked using the updated SCAP Content and an SCAP-Validated Tool. A listing of non-automated settings is available for your reference. NIST is coordinating future refinement of SCAP Content and expects to release minor versions of SCAP Content in the future as non-automated checks are automated.

New Microsoft-updated Group Policy Objects (GPO) and Virtual Hard Drive (VHD) files are also available. These files have been tested by NIST and made available through this Web page. These GPOs and VHDs are inclusive of the 40 FDCC settings changes. At this time, 625 out of 674 settings (92.7%) are embodied in GPOs and can therefore be centrally implemented via Microsoft Active Directory servers. A listing of settings that cannot be implemented via GPO is available for your reference.

Moving forward, we anticipate relatively few and infrequent changes to FDCC settings. The change control process is being actively discussed and documented as of 20 June 2008. The change control process will balance a number of factors, including but not limited to IT Provider feedback and existing SCAP Validation Program processes. The Office of Management and Budget will release more information about this process in the upcoming weeks.

2007.08.20
Please read the Download FAQs to resolve issues with downloading, logging on, and activating Windows Vista.

Documentation

GPOs

SCAP Content

2009.04.08
FDCC Settings major
version 1.2 - Final [xls, 473K]

SHA-1 Digest:
1C4962660C0CEB4
CA530DFFE7A56C8
1463C78F50

SHA-256 Digest:
37FC8ECB0A95AB
31B56463A5D83E6
206DC4964D6A1FA0
E4AF710BBD246B
EB0F6

2008.06.20
FDCC 2009 Q1 GPO Release -Final [zip, ~2.5 MB]

SHA-1 Digest:
7DD0E04CEE71F1
6BBAA6366C358B
740C1041834C
SHA-256 Digest:
53664841150B753339A3
2B7C3A3A4EA4F7CB760D7
7023A6ECC0B147AE4B0
2F73

2009.11.20
Windows XP, Vista, firewall, and IE 7. - Final [zip, ~922K]

(individual file listings)
SHA-1 Digest:
C8E0C2503CA1A7589C
2DD1F1BD84CBED0408
BA09
SHA-256 Digest:
25A1B545C8CA4000FB9
48326796899A33EBD76
D9A9C33619B61117E8B
8C9DE78

The preceding files are intended for use with "SCAP FDCC scanning capable" tools.

2008.06.20
FDCC Settings Changes
major version 1.0 - [xls, 25K]

SHA-1 Digest:
1B2C6FD06D78F31AA08E
29DFED887BE4E56D80F8

SHA-256 Digest:
2B8D404730A192E2B55D
44DC86773CE1D7E4B5433
FA4508AC87438F6A3FE997D

VHD Files	SHA-1 Digest	SHA-256 Digest	Note
Windows XP FDCC VHD Q4 2009 - Part 1 of 4 - Final [zip, ~186MB]	11280C200466BFBF0 07E3972910806FD9F D18C1E	E0E290401C39D67E93B 67A00222E3D9EB2443E F8B70C6B48FE4CDD96C 48476F4	2009.10.19 2009 Q4 VHDs released NOTE: Download the 4 files. Use WinZip to open the archive and extract the .VHD file. Please read the Download FAQs.
Windows XP FDCC VHD Q4 2009 - Part 2 of 4 - Final [zip, ~648MB]	C06E104AEDB0DE835 98B2895A3BD643440 6CEF33	B08ECA448ADE5BC491 76F25E2DC0E9F7FE1A 5D14D16DEDB39F8226 13C17F9632
Windows XP FDCC VHD Q4 2009 - Part 3 of 4 - Final [zip, ~648MB]	40A91B5F2BB02F66F 28981FAA36D4C2C5E 50EC60	5AD55FCA500AF311244 608923A5A9ADB2B4D2F 7BA9FFAFB72566E2A07 C8FB328
Windows XP FDCC VHD Q4 2009 - Part 4 of 4 - Final [zip, ~648MB]	1E587510B8287705E A2BE9531D860D9188 61CFA7	B2CE07AD67085A754F3 13461B3DD82E439B04F 3DF5328A10B03D1BDDD 76A5E97
Windows Vista FDCC VHD Q4 2009 - Part 1 of 7 - Final [zip, ~73MB]	27F8181AD30F2293 35FE673892F0BA2A 88200FFE	CDA1B0952530FB81F A9C5B4D514B81CBE6 67BFFF1B0B2884747 DA4DC8B2465C1	2009.10.19 2009 Q4 VHDs released - 7 files for this release NOTE: Download the 7 files. Use WinZip to open the archive and extract the .vhd file. Please read the Download FAQs.
Windows Vista FDCC VHD Q4 2009 - Part 2 of 7 - Final [zip, ~648MB]	203C3FFBA74940D5 27D320AC8A56025E B240EAEC	9E483E277CCE7AB7C6 D4C860CA33AA1D28D3 E8930BD88C5BD5FF59 778190473C
Windows Vista FDCC VHD Q4 2009 - Part 3 of 7 - Final [zip, ~648MB]	F41A3909BAB32867A8 2DAB68A3CF6915B787 C1D2	E684AAAD33157C9387 2801521A9E070B4CAA 4BDD346FD679D7080A 17B778A22A
Windows Vista FDCC VHD Q4 2009 - Part 4 of 7 - Final [zip, ~648MB]	2A34499471BD8165E 283A2B67C7702793E 0D605C	4BAAD1F9E63218529B CEF19B687EE3729642 A966C4E47E0724E27A 57BBDC5AFC
Windows Vista FDCC VHD Q4 2009 - Part 5 of 7 - Final [zip, ~648MB]	F27FB3AA830976FFD1 E52D20BD78685BFA5E BCA4	64896A2E7C827EE923C 0D0604E43F037714D38 3089BEE26B4D78F2939 31B475C
Windows Vista FDCC VHD Q4 2009 - Part 6 of 7 - Final [zip, ~648MB]	CAEC83BEA8EF31339B 43BA6FA2DC3E2C3F61 1229	71E55091FB93E0A2A6D FC3B48C9B01FB6C736D 43E502F033492DA3071 18CC245
Windows Vista FDCC VHD Q4 2009 - Part 7 of 7 - Final [zip, ~648MB]	13BA1445BC91AD5C AA4F711FED2EC2A1 E7377A30	69E37F4074B794B6EF4 13F6281D6EEB4D39934 38D0C9CE430B0894AE6 1E40F75

Updates History

Documentation	GPO Files	VHD Files	SCAP Content
			2009.11.20 OVAL 5.3 & 5.4 patch content updated
			2009.11.03 OVAL 5.3 & 5.4 patch content updated
		2009.10.19 2009 Q4 VHDs Released
			2009.09.16 OVAL 5.3 & 5.4 patch content updated
			2009.08.06 OVAL 5.3 & 5.4 patch content updated
			2009.07.21 OVAL 5.3 & 5.4 patch content updated
			2009.06.30 OVAL 5.3 & 5.4 patch content updated
			2009.04.17 OVAL 5.3 & 5.4 patch content updated
2009.04.08 FDCC Settings major version 1.2.x.0	2009.04.08 2009 Q1 GPOs Released	2009.04.08 2009 Q1 VHDs Released	2009.04.08 Release 1.2 - Final
			2009.04.02 OVAL 5.3 & 5.4 patch content updated
			2009.02.28 OVAL 5.3 & 5.4 patch content updated
			2008.12.03 OVAL 5.3 & 5.4 patch content updated
		2008.10.30 2008 Q4 VHDs Released	2008.10.31 Release 1.1 - Final
2008.06.20 FDCC Settings major version 1.0 FDCC Settings Changes major version 1.0	2008.06.20 2008 Q3 GPOs Released	2008.06.20 2008 Q3 VHDs Released	2008.06.20 Release 1.0 - Final

Please see the FDCC Archive for pre-final release content

Comments and Questions

Comments and questions may be addressed to fdcc@nist.gov.

Last updated: November, 20, 2009
Page created: July 22, 2007
Disclaimer Notice & Privacy Statement / Security Notice
Send comments or suggestions to itsec@nist.gov
NIST is an Agency of the U.S. Commerce Department's Technology Administration