accepted
FDCC: Guidance for Securing Microsoft Windows Vista Firewall for IT Professional
This guide has been created to assist IT professionals, in effectively securing systems with Microsoft Vista Firewall
Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guarantees, expressed or implied, about its quality, reliability, or any other characteristic. NIST would appreciate acknowledgement if the document and template are used.
todo - add text
Trademark InformationMicrosoft, Windows, Windows XP, Windows Vista, Internet Explorer, and Windows Firewall are either registered trademarks or trademarks of Microsoft Corporation in the United States and other countries.All other names are registered trademarks or trademarks of their respective companies.
National Institute of Standards and Technology
SP 800-68
v1.2.1.0
800-53 Low
This profile selects specific controls that are recommended by Special Publication 800-53 for information systems in which all three security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS 199 potential impact value of low. Each control has an effect on other groups within this document as individual rule require certain controls to be selected.
800-53 Moderate
This profile selects specific controls that are recommended by Special Publication 800-53 for information systems in which at least one security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS 199 potential impact value of moderate and no security objective is assigned a FIPS 199 potential impact value of high. Each control has an effect on other groups within this document as individual rule require certain controls to be selected.
800-53 High
This profile selects specific controls that are recommended by Special Publication 800-53 for information systems in which at least one security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS 199 potential impact value of high. Each control has an effect on other groups within this document as individual rule require certain controls to be selected.
800-53 All
This profile selects all the security controls that are recommended by Special Publication 800-53 for information systems. Each control has an effect on other groups within this document as individual rule require certain controls to be selected.
Federal Desktop Core Configuration version 1.2.1.0
This profile represents guidance outlined in Federal Core Configuration settings for Windows Vista Firewall on desktop systems.
NIST SP 800-53 Controls
Applicable 800-53 Access Control Checks
Access Control Policy and Procedures
ISO/IEC 17799: 11.1.1, 11.4.1, 15.1.1
NIST 800-26: 15, 16
DOD 8500.2: ECAN-1, ECPA-1, PRAS-1, DCAR-1
DCID 6/3: 2.B.4.e(5), 4.B.1.a(1)(b)
Account Management
ISO/IEC 17799: 6.2.2, 6.2.3, 8.3.3, 11.2.1, 11.2.2, 11.2.4, 11.7.2
NIST 800-26: 6.1.8, 15.1.1, 15.1.4, 15.1.15, 15.1.8, 15.2.2, 16.1.3, 16.1.5, 16.2.12
GAO FISCAM: AC-2.1 AC-2.2, AC-3.2, SP-4.1
DOD 8500.2: IAAC-1
DCID 6/3: 4.B.2.a(3)
Access Enforcement
ISO/IEC 17799: 11.2.4, 11.4.5
NIST 800-26: 10.1.2, 15.1.1, 16.1.1, 16.1.2, 16.1.3, 16.1.7, 16.1.9, 16.2.1, 16.2.7, 16.2.10, 16.2.11, 16.2.15
GAO FISCAM: AC-2, AC-3.2
DOD 8500.2: DCFA-1, ECAN-1, EBRU-1, PRNK-1, ECCD-1, ECSD-2
DCID 6/3: Discretionary Access Control (DAC): 4.B.2.a(2), Mandatory Access Control (MAC): 4.B.4.a(3)
Information Flow Enforcement
ISO/IEC 17799: 10.6.2, 11.4.5, 11.4.6, 11.4.7
DOD 8500.2: EBBD-1, EBBD-2
DCID 6/3: 4.B.3.a(3), 7.B.3.g
Separation of Duties
ISO/IEC 17799: 10.1.3, 10.6.1, 10.10.1
NIST 800-26: 6.1.1, 6.1.2, 6.1.3, 15.2.1, 16.1.2, 17.1.5
GAO FISCAM: AC-3.2, SD-1.2
DOD 8500.2: ECLP-1
DCID 6/3: 2.A.1, 4.B.3.a(18)
Least Privilege
ISO/IEC 17799: 11.2.2
NIST 800-26: 16.1.2, 16.1.3, 17.1.5
GAO FISCAM: AC-3.2
DOD 8500.2: ECLP-1
DCID 6/3: 4.B.2.a(10)
Unsuccessful Login Attempts
ISO/IEC 17799: 11.5.1
NIST 800-26: 15.1.14
GAO FISCAM: AC-3.2
DOD 8500.2: ECLO-1
DCID 6/3: 4.B.2.a(17)(c)-(d)
System Use Notification
ISO/IEC 17799: 11.5.1, 15.1.5
NIST 800-26: 16.2.13, 16.3.1, 17.1.9
GAO FISCAM: AC-3.2
DOD 8500.2: ECWM-1
DCID 6/3: 4.B.1.a(6)
Previous Logon Notification
ISO/IEC 17799: 11.5.1
GAO FISCAM: AC-3.2
DOD 8500.2: ECLO-2
Concurrent Session Control
DOD 8500.2: ECLO-1
DCID 6/3: 4.B.2.a(17)(a)
Session Lock
ISO/IEC 17799: 11.3.2
NIST 800-26: 16.1.4
GAO FISCAM: AC-3.2
DOD 8500.2: PESL-1
DCID 6/3: 4.B.1.a(5)
Session Termination
ISO/IEC 17799: 11.3.2, 11.5.5
NIST 800-26: 16.1.4, 16.2.6
GAO FISCAM: AC-3.2
DCID 6/3: 4.B.2.a(17)(b)
Supervision and Review—Access Control
ISO/IEC 17799: 10.10.2, 11.2.4
NIST 800-26: 7.1.10, 11.2.2, 16.1.10, 16.2.5, 17.1.6, 17.1.7
GAO FISCAM: AC-4, AC-4.3, SS-2.2
DOD 8500.2: ECAT-1, ECAT-2, E3.3.9
DCID 6/3: 2.B.7.c, 4.B.3.a(8)(b)
Permitted Actions without Identification or Authentication
NIST 800-26: 16.2.12
DCID 6/3: 7.D.3.a
Automated Marking
ISO/IEC 17799: 7.2.2
NIST 800-26: 8.2.4, 16.1.6
GAO FISCAM: AC-3.2
DOD 8500.2: ECML-1
DCID 6/3: 4.B.2.a(11)
Automated Labeling
ISO/IEC 17799: 7.2.2
NIST 800-26: 16.1.6
GAO FISCAM: AC-3.2
DOD 8500.2: ECML-1
DCID 6/3: 4.B.1.a(3), 4.B.4.a(15), 4.B.4.a(16)
Remote Access
ISO/IEC 17799: 11.4.2, 11.4.3, 11.4.4
NIST 800-26: 16.2.4, 16.2.8
GAO FISCAM: AC-3.2
DOD 8500.2: EBRP-1, EBRU-1
DCID 6/3: 4.B.1.a(1)(b), 4.B.3.a(11), 7.D.2.e
Wireless Access Restrictions
ISO/IEC 17799: 11.4.2, 11.7.1, 11.7.2
DOD 8500.2: ECCT-1, ECWN-1
DCID 6/3: 4.B.1.a(8), 5.B.3.a(11)
Access Control for Portable and Mobile Systems
ISO/IEC 17799: 11.7.1
NIST 800-26: 7.3.1, 7.3.2
DOD 8500.2: ECWN-1
DCID 6/3: 8.B.6.c, 9.G.4
Use of External Information Systems
ISO/IEC 17799: 6.1.4, 9.2.5, 11.7.1
NIST 800-26: 10.2.13
DCID 6/3: 8.B.6.c
Applicable 800-53 Awareness and Training
Security Awareness and Training Policy and Procedures
ISO/IEC 17799: 5.1.1, 8.2.2, 15.1.1
NIST 800-26: 13
DOD 8500.2: PRTN-1, DCAR-1
DCID 6/3: DCID: B.3.c, Manual: 2.B.2.b(8); 2.B.4.e(6)
Security Awareness
ISO/IEC 17799: 6.2.3, 8.2.2, 10.4.1, 11.7.1, 13.1.1, 14.1.4, 15.1.4
NIST 800-26: 13.1.4, 13.1.5
DOD 8500.2: PRTN-1
DCID 6/3: 8.B.1
Security Training
ISO/IEC 17799: 8.2.2, 10.3.2, 11.7.1, 13.1.1, 14.1.4
NIST 800-26: 13.1, 13.1.3, 13.1.5
DOD 8500.2: PRTN-1
DCID 6/3: 8.B.1
Security Training Records
NIST 800-26: 13.1.2
DCID 6/3: 8.B.1
Contacts with Security Groups and Associations
ISO/IEC 17799: 6.1.7
Applicable 800-53 Audit and Accountability
Audit and Accountability Policy and Procedures
ISO/IEC 17799: 10.1, 15.1.1
NIST 800-26: 17
DOD 8500.2: ECAT-1, ECTB-1, DCAR-1
DCID 6/3: DCID: B.2.d, Manual: 2.B.4.e(5); 4.B.2.a(4)
Auditable Events
ISO/IEC 17799: 10.10.1
NIST 800-26: 17.1.1, 17.1.2, 17.1.4
DOD 8500.2: ECAR-3
DCID 6/3: 4.B.2.a(4)(d)
Content of Audit Records
ISO/IEC 17799: 10.10.1, 10.10.4
NIST 800-26: 17.1.1
DOD 8500.2: ECAR-1, ECAR-2, ECAR-3, ECLC-1
DCID 6/3: 4.B.2.a(4)(a), 4.B.2.a(5)(a)
Audit Storage Capacity
ISO/IEC 17799: 10.10.3
DCID 6/3: 5.B.2.a(5)(a)(1)
Response to Audit Processing Failures
ISO/IEC 17799: 10.10.3
DCID 6/3: 4.B.4.a(9)(d)
Audit Monitoring, Analysis, and Reporting
ISO/IEC 17799: 10.10.2, 10.10.4, 13.2.1
NIST 800-26: 16.2.5, 17.1.7, 17.1.8
GAO FISCAM: AC-4.3
DOD 8500.2: ECAT-1, E3.3.9
DCID 6/3: 4.B.4.a(10)
Audit Reduction and Report Generation
ISO/IEC 17799: 10.10.3
NIST 800-26: 17.1.2, 17.1.7
DOD 8500.2: ECRG-1
DCID 6/3: 4.B.3.a(6)
Time Stamps
ISO/IEC 17799: 10.10.6
DOD 8500.2: ECAR-1
DCID 6/3: 4.B.2.a(4)(a)
Protection of Audit Information
ISO/IEC 17799: 10.10.3, 15.1.3, 15.3.2
NIST 800-26: 17.1.3, 17.1.4
DOD 8500.2: ECTP-1
DCID 6/3: 4.B.2.a(4)(b)
Non-repudiation
ISO/IEC 17799: 10.8.2, 10.9.1, 12.3.1
NIST 800-26: 15.1.2, 17.1.1
DOD 8500.2: DCNR-1
DCID 6/3: 5.B.3.a(8)
Audit Record Retention
ISO/IEC 17799: 10.10.1, 15.1.3
NIST 800-26: 17.1.4
DOD 8500.2: ECRR-1
DCID 6/3: 4.B.2.a(4)(c)
Applicable 800-53 Certification, Accreditation, and Security Assessment
Certification, Accreditation, and Security Assessment Policies and Procedures
ISO/IEC 17799: 6.1.4, 10.3.2, 15.1.1
NIST 800-26: 2, 4
DOD 8500.2: DCAR-1, DCII-1
DCID 6/3: DCID: B.3, Manual: 2.B.2.b(1)
Security Assessments
ISO/IEC 17799: 6.1.8, 15.2.1, 15.2.2
NIST 800-26: 2.1.1, 2.1.3, 2.1.4
GAO FISCAM: SP-5.1
DOD 8500.2: DCII-1, ECMT-1, PEPS-1, E3.3.10
DCID 6/3: DCID: B.2.b; B.3.a, Manual: 4.B.2.b(6); 5.B.1.b(1); 9.B.1; 9.B.4
Information System Connections
ISO/IEC 17799: 10.6.2, 10.9.1, 11.4.5, 11.4.6, 11.4.7
NIST 800-26: 1.1.1, 3.2.9, 4.1.8, 12.2.3
GAO FISCAM: CC-2.1
DOD 8500.2: DCID-1, EBCR-1 EBRU-1, EBPW-1, ECIC-1
DCID 6/3: 9.B.3, 9.D.3.c
Security Certification
ISO/IEC 17799: 10.3.2
NIST 800-26: 2.1.2, 3.2.3, 3.2.5, 3.2.6, 4.1.1, 4.1.6, 11.2.8. 12.2.5
GAO FISCAM: CC-2.1
DOD 8500.2: DCAR-1, 5.7.5
DCID 6/3: DCID: B.3, Manual: 4.B.3.b(8); 9.E.2.a(2); 9.E.2.a(3)
Plan of Action and Milestones
ISO/IEC 17799: 15.2.1
NIST 800-26: 1.1.5, 1.2.3, 2.2.1, 4.2.1
GAO FISCAM: SP-5.1 SP-5.2
DOD 8500.2: 5.7.5
DCID 6/3: 9.E.2.a(3)(a)
Security Accreditation
ISO/IEC 17799: 10.3.2
NIST 800-26: 3.2.7, 12.2.5
DOD 8500.2: 5.7.5
DCID 6/3: DCID: B.3, Manual: 9.D.3; 9.D.4
Continuous Monitoring
ISO/IEC 17799: 15.2.1, 15.2.2
NIST 800-26: 10.2.1
DOD 8500.2: DCCB-1, DCPR-1, E3.3.9
DCID 6/3: DCID: B.2.d; Manual: 2.B.4.e(7); 2.B.5.c(10); 5.B.2.b(2); 9.B.1; 9.D.7
Applicable 800-53 Configuration Management
Configuration Management Policy and Procedures
ISO/IEC 17799: 12.4.1, 12.5.1, 15.1.1
DOD 8500.2: DCCB-1, DCPR-1, DCAR-1, E3.3.8
DCID 6/3: DCID: B.2.a Manual: 2.B.4.e(5); 5.B.2.a(5)
Baseline Configuration and System Component Inventory
ISO/IEC 17799: 7.1.1, 15.1.2
NIST 800-26: 1.1.1, 3.1.9, 10.2.7, 10.2.9, 12.1.4
GAO FISCAM: CC-2.3, CC-3.1, SS-1.2
DOD 8500.2: DCHW-1, DCSW-1
DCID 6/3: 2.B.7.c(7), 4.B.1.c(3), 4.B.2.b(6)
Configuration Change Control
ISO/IEC 17799: 10.1.2, 10.2.3, 12.4.1, 12.5.1, 12.5.2, 12.5.3
NIST 800-26: 3.1.4, 10.2.2, 10.2.3, 10.2.8, 10.2.10, 10.2.11
GAO FISCAM: SS-3.2, CC-2.2
DOD 8500.2: DCPR-1
DCID 6/3: 2.B.7.c(7) 4.B.1.c(3), 4.B.2.b(6), 5.B.2.a(5)
Monitoring Configuration Changes
ISO/IEC 17799: 10.1.2
NIST 800-26: 10.2.1, 10.2.4
GAO FISCAM: SS-3.1, SS-3.2, CC-2.1
DOD 8500.2: DCPR-1, E3.3.8
DCID 6/3: 2.B.7.c(7), 4.B.1.c(3), 5.B.2.b(2), 8.B.8.c(7)
Access Restrictions for Change
ISO/IEC 17799: 11.6.1
NIST 800-26: 6.1.3, 6.1.4, 10.1.1, 10.1.4, 10.1.5
GAO FISCAM: SD-1.1, SS-1.2, SS-2.1
DOD 8500.2: DCPR-1, ECSD-2
DCID 6/3: 5.B.3.a(2)(b)
Configuration Settings
NIST 800-26: 10.2.6, 10.3.1, 16.2.2, 16.2.3, 16.2.11
DOD 8500.2: DCSS-1, ECSC-1, E3.3.8
DCID 6/3: 4.B.2.a(10)
Least Functionality
NIST 800-26: 10.3.1
DOD 8500.2: DCPP-1, ECIM-1, ECVI-1, E3.3.8
DCID 6/3: 4.B.2.a(10), 7.D.2.b
Applicable 800-53 Contingency Planning
Contingency Planning Policy and Procedures
ISO/IEC 17799: 5.1.1, 10.4.1, 14.1.1, 14.1.3, 15.1.1
NIST 800-26: 9
DOD 8500.2: COBR-1, DCAR-1
DCID 6/3: 2.B.4.e(5), 6.B.1.a(1)
Contingency Plan
ISO/IEC 17799: 10.3.2, 10.4.1, 10.8.5, 14.1.3, 14.1.4
NIST 800-26: 4.1.4, 9.1.1, 9.2, 9.2.1, 9.2.2, 9.2.3, 9.2.10, 12.1.8, 12.2.2
GAO FISCAM: SC-3.1, SC-1.1
DOD 8500.2: CODP-1, COEF-1
DCID 6/3: 6.B.2.b(1)
Contingency Training
ISO/IEC 17799: 14.1.3, 14.1.4
NIST 800-26: 9.3.2
GAO FISCAM: SC-2.3
DOD 8500.2: PRTN-1
DCID 6/3: 8.B.1
Contingency Plan Testing
ISO/IEC 17799: 10.5.1, 14.1.5
NIST 800-26: 4.1.4, 9.3.3
GAO FISCAM: SC-3.1
DOD 8500.2: COED-1
DCID 6/3: 6.B.3.b(2)(b)
Contingency Plan Update
ISO/IEC 17799: 14.1.3, 14.1.5
NIST 800-26: 9.3.1, 9.3.3, 10.2.12
GAO FISCAM: SC-2.1, SC-3.1
DOD 8500.2: DCAR-1
DCID 6/3: 6.B.3.b(2)
Alternate Storage Sites
ISO/IEC 17799: 10.5.1
NIST 800-26: 9.2.4, 9.2.5, 9.2.7, 9.2.9
GAO FISCAM: SC-2.1, SC-3.1
DOD 8500.2: CODB-2
DCID 6/3: 6.B.2.a(2), 6.B.3.a(2)(d)
Alternate Processing Sites
ISO/IEC 17799: 14.1.4
NIST 800-26: 9.1.3, 9.2.4, 9.2.5, 9.2.7, 9.2.9
GAO FISCAM: SC-2.1, SC-3.1
DOD 8500.2: COAS-1, COEB-1, COSP-1, COSP-2
DCID 6/3: 6.B.3.a(2)(d)
Telecommunications Services
ISO/IEC 17799: 14.1.4
DCID 6/3: 6.B.2.a(4)
Information System Backup
ISO/IEC 17799: 10.5.1, 11.7.1
NIST 800-26: 9.1.1, 9.2.6, 9.2.9, 9.3.1, 12.1.9
GAO FISCAM: SC-2.1
DOD 8500.2: CODB-1, CODB-2, COSW-1
DCID 6/3: 6.B.1.a(2)
Information System Recovery and Reconstitution
ISO/IEC 17799: 14.1.4
NIST 800-26: 9.2.8
GAO FISCAM: SC-2.1
DOD 8500.2: COTR-1, ECND-1
DCID 6/3: 4.B.1.a(4), 6.B.1.a(1), 6.B.2.a(3)(d)
Applicable 800-53 Identification and Authentication
Identification and Authentication Policy and Procedures
ISO/IEC 17799: 15.1.1
NIST 800-26: 11.2.3
DOD 8500.2: IAIA-1, DCAR-1
DCID 6/3: DCID: B.2.a Manual: 2.B.4.e(5)
User Identification and Authentication
ISO/IEC 17799: 11.2.3, 11.4.2, 11.5.2
NIST 800-26: 15.1
DOD 8500.2: IAIA-1
DCID 6/3: 4.B.2.a(7)
Device Identification and Authentication
ISO/IEC 17799: 11.4.2, 11.4.3, 11.7.1
NIST 800-26: 16.2.7
DCID 6/3: 4.B.5.a(14)
Identifier Management
ISO/IEC 17799: 11.2.3, 11.5.2
NIST 800-26: 15.1.1, 15.2.2, 15.1.8
GAO FISCAM: AC-2.1, AC-3.2, SP-4.1
DOD 8500.2: IAGA-1, IAIA-1
DCID 6/3: 4.B.1.a(2)
Authenticator Management
ISO/IEC 17799: 11.5.2, 11.5.3
NIST 800-26: 15.1.6, 15.1.7, 15.1.9, 15.1.10, 15.1.11, 15.1.12, 15.1.13, 16.1.3, 16.2.3
GAO FISCAM: AC-3.2
DOD 8500.2: IAKM-1, IATS-1
DCID 6/3: 4.B.2.a(7), 4.B.3.a(11)
Authenticator Feedback
ISO/IEC 17799: 11.5.1
DCID 6/3: 4.B.2.a(7)(g)
Cryptographic Module Authentication
NIST 800-26: 16.1.7
DCID 6/3: 1.G
Applicable 800-53 Incident Response
Incident Response Policy and Procedures
ISO/IEC 17799: 10.4.1, 13.1, 13.2.1, 15.1.1
NIST 800-26: 14
DOD 8500.2: VIIR-1, DCAR-1
DCID 6/3: DCID: B.2.c; C.4 Manual: 2.B.4.e(5); 2.B.2.b(6); 2.B.6.c(10); 8.B.7
Incident Response Training
ISO/IEC 17799: 13.1.1
NIST 800-26: 14.1.4
GAO FISCAM: SP-3.4
DOD 8500.2: VIIR-1
DCID 6/3: 8.B.1.b(1)(f), 8.B.1.c(1)(e), 8.B.1.c(2)©
Incident Response Testing
ISO/IEC 17799: 14.1.5
DOD 8500.2: VIIR-1
DCID 6/3: 8.B.7
Incident Handling
ISO/IEC 17799: 6.1.6, 13.2.1, 13.2.2
NIST 800-26: 2.1.5, 14.1.1, 14.1.2, 14.1.6
GAO FISCAM: SP-3.4
DOD 8500.2: VIIR-1, E3.3.9
DCID 6/3: 8.B.7, 9.B.2.e
Incident Monitoring
NIST 800-26: 14.1.3
DOD 8500.2: VIIR-1
DCID 6/3: 8.B.7.a
Incident Reporting
ISO/IEC 17799: 6.1.6, 6.2.2, 6.2.3, 13.1.1, 13.1.2
NIST 800-26: 14.1.2, 14.1.3, 14.2.1, 14.2.2, 14.2.3
DOD 8500.2: VIIR-1, E3.3.9
DCID 6/3: 8.B.7
Incident Response Assistance
ISO/IEC 17799: 14.1.3
NIST 800-26: 8.1.1, 14.1.1
GAO FISCAM: SP-3.4
DCID 6/3: 8.B.7.c
Applicable 800-53 Maintenance
System Maintenance Policy and Procedures
ISO/IEC 17799: 10.1.1, 15.1.1
NIST 800-26: 10
DOD 8500.2: PRMP-1, DCAR-1
DCID 6/3: DCID: B.2.a Manual: 2.B.4.e(5); 6.B.2.a(5)
Periodic Maintenance
ISO/IEC 17799: 9.2.4
NIST 800-26: 10.1.1, 10.1.3, 10.2.1
GAO FISCAM: SS-3.1
DCID 6/3: 6.B.2.a(5), 8.B.8.c
Maintenance Tools
NIST 800-26: 10.1.3, 11.2.4
DCID 6/3: 6.B.3.a(5), 8.B.8.c(4), 8.B.8.c(5)
Remote Maintenance
ISO/IEC 17799: 11.4.4
NIST 800-26: 10.1.1, 17.1.1
GAO FISCAM: SS-3.1
DOD 8500.2: EBRP-1
DCID 6/3: 8.B.8.d
Maintenance Personnel
ISO/IEC 17799: 6.2.3, 9.2.4
NIST 800-26: 10.1.1, 10.1.3
GAO FISCAM: SS-3.1
DOD 8500.2: PRMP-1
DCID 6/3: 8.B.8.a
Timely Maintenance
NIST 800-26: 9.1.2
GAO FISCAM: SC-1.2
DOD 8500.2: COMS-1, COSP-1
DCID 6/3: 6.B.2.a(5)
Applicable 800-53 Media Protection
Media Protection Policy and Procedures
ISO/IEC 17799: 10.1.1, 10.7, 15.1.1, 15.1.3
NIST 800-26: 8.2
DOD 8500.2: PESP-1, DCAR-1
DCID 6/3: DCID: B.2.a Manual: 2.B.6.c(7); 8.B.2
Media Access
ISO/IEC 17799: 10.7.3
NIST 800-26: 8.2.1, 8.2.2, 8.2.3, 8.2.6, 8.2.7
DOD 8500.2: PEDI-1, PEPF-1
DCID 6/3: 2.B.9.b(4), 4.B.1.a(1), 4.B.1.a(7)
Media Labeling
ISO/IEC 17799: 7.2.2, 10.7.3, 10.8.2, 15.1.3
NIST 800-26: 8.2.5, 8.2.6, 10.2.9
DOD 8500.2: ECML-1
DCID 6/3: 2.B.9.b(4), 8.B.2.a, 8.B.2.c
Media Storage
ISO/IEC 17799: 10.7.1, 10.7.2, 10.7.3, 10.7.4, 15.1.3
NIST 800-26: 7.1.4, 8.2.1, 8.2.2, 8.2.9, 10.1.2
GAO FISCAM: AC-3.1
DOD 8500.2: PESS-1
DCID 6/3: 2.B.9.b(4), 4.B.1.a(7)
Media Transport
ISO/IEC 17799: 10.8.3
NIST 800-26: 8.2.2, 8.2.4
DCID 6/3: 2.B.9.b(4)
Media Sanitization
ISO/IEC 17799: 9.2.6, 10.7.1, 10.7.2
NIST 800-26: 3.2.11, 3.2.12, 3.2.13, 8.2.8, 8.2.9, 8.2.10
GAO FISCAM: AC-3.4
DOD 8500.2: PECS-1, PEDD-1
DCID 6/3: 8.B.5, 2.B.9.b(4), 8.B.5.a(4), 8.B.5.d, 8.B.5.e
Media Destruction and Disposal
ISO/IEC 17799:
NIST 800-26:
GAO FISCAM:
DOD 8500.2:
DCID 6/3:
Applicable 800-53 Physical and Environmental Protection
Physical and Environmental Protection Policy and Procedures
ISO/IEC 17799: 15.1.1
NIST 800-26: 7
DOD 8500.2: PETN-1, DCAR-1
DCID 6/3: DCID: B.2.a, Manual: 2.B.4.e(5); 8.D
Physical Access Authorizations
ISO/IEC 17799: 9.1.2, 9.1.6
NIST 800-26: 7.1.1, 7.1.2
GAO FISCAM: AC-3.1
DOD 8500.2: PECF-1
DCID 6/3: 4.B.1.a(1), 8.E
Physical Access Control
ISO/IEC 17799: 9.1.1, 9.1.2, 9.1.5, 9.1.6, 10.5.1
NIST 800-26: 7.1.1, 7.1.2, 7.1.5, 7.1.6, 7.1.8
GAO FISCAM: AC-3.1
DOD 8500.2: PEPF-1
DCID 6/3: 4.B.1.a(1), 8.D.2, 8.E
Access Control for Transmission Medium
ISO/IEC 17799: 9.2.3
NIST 800-26: 7.2.2, 16.2.9
DCID 6/3: 8.D.2, 4.B.1.a(8)
Access Control for Display Medium
ISO/IEC 17799: 9.1.2, 11.3.3
NIST 800-26: 7.2.1
DOD 8500.2: PEDI-1, PEPF-1
DCID 6/3: 8.C.2.a, 8.D.2
Monitoring Physical Access
ISO/IEC 17799: 9.1.2
NIST 800-26: 7.1.9
GAO FISCAM: AC-4
DOD 8500.2: PEPF-2
DCID 6/3: 4.B.1.a(1), 8.C.2.a, 8.D.2
Visitor Control
ISO/IEC 17799: 9.1.2
NIST 800-26: 7.1.7, 7.1.11
GAO FISCAM: AC-3.1
DOD 8500.2: PEVC-1
DCID 6/3: 8.C.2.a, 8.D.2, 8.E
Access Records
ISO/IEC 17799: 9.1.2
NIST 800-26: 7.1.9
GAO FISCAM: AC-4
DOD 8500.2: PEPF-2, PEVC-1
DCID 6/3: 8.C.2.a, 8.D.2, 8.E
Power Equipment and Power Cabling
ISO/IEC 17799: 9.2.2, 9.2.3
NIST 800-26: 7.1.16
GAO FISCAM: SC-2.2
DCID 6/3: 8.D.2
Emergency Shutoff
ISO/IEC 17799: 9.2.2
DOD 8500.2: PEMS-1
DCID 6/3: 8.D.2
Emergency Power
ISO/IEC 17799: 9.2.2
NIST 800-26: 7.1.18
GAO FISCAM: SC-2.2
DOD 8500.2: COPS-1, COPS-2, COPS-3
DCID 6/3: 6.B.2.a(6), 6.B.2.a(7)
Emergency Lighting
ISO/IEC 17799: 9.2.2
DOD 8500.2: PEEL-1
DCID 6/3: 8.D.2
Fire Protection
ISO/IEC 17799: 9.1.4, 9.2.1
NIST 800-26: 7.1.12
GAO FISCAM: SC-2.2
DOD 8500.2: PEFD-1, PEFS-1
DCID 6/3: 8.C.2.a, 8.D.2
Temperature and Humidity Controls
ISO/IEC 17799: 9.2.1, 10.5.1, 10.7.1
NIST 800-26: 7.1.14, 7.1.15
GAO FISCAM: SC-2.2
DOD 8500.2: PEHC-1, PETC-1
DCID 6/3: 8.D.2
Water Damage Protection
ISO/IEC 17799: 9.1.4, 9.2.1
NIST 800-26: 7.1.17
GAO FISCAM: SC-2.2
DCID 6/3: 8.C.2.a, 8.D.2
Delivery and Removal
ISO/IEC 17799: 9.1.6, 9.2.7, 10.7.1
NIST 800-26: 7.1.3
GAO FISCAM: AC-3.1
DCID 6/3: 8.B.5.e
Alternate Work Site
ISO/IEC 17799: 11.7.2
DOD 8500.2: EBRU-1
Location of Information System Components
ISO/IEC 17799: 9.2.1
Information Leakage
Applicable 800-53 Planning
Security Planning Policy and Procedures
ISO/IEC 17799: 6.1, 15.1.1
NIST 800-26: 5
DOD 8500.2: DCAR-1, E3.4.6
DCID 6/3: DCID: B.2.a, Manual: 2.B.4.e(5)
System Security Plan
ISO/IEC 17799: 6.1
NIST 800-26: 4.1.5, 5.1.1, 5.1.2, 12.2.1
GAO FISCAM: SP-2.1
DOD 8500.2: DCSD-1
DCID 6/3: 1.F.6, 2.B.6.c(3), 2.B.7.c(5), 9.E.2.a(1)(d), 9.F.2.a, Appendix C
System Security Plan Update
ISO/IEC 17799: 6.1
NIST 800-26: 3.2.10, 5.2.1
GAO FISCAM: SP-2.1
DOD 8500.2: 5.7.5
DCID 6/3: 2.B.7.c(5)
Rules of Behavior
ISO/IEC 17799: 7.1.3, 8.1.3, 15.1.5
NIST 800-26: 4.1.3, 13.1.1
DOD 8500.2: PRRB-1
DCID 6/3: 2.B.9.b
Privacy Impact Assessment
ISO/IEC 17799: 15.1.4
DCID 6/3: DCID: B.3.a; Manual: 8.B.9
Security-Related Activity Planning
ISO/IEC 17799: 15.3.1
Applicable 800-53 Personnel Security
Personnel Security Policy and Procedures
ISO/IEC 17799: 8.1.1, 15.1.1
NIST 800-26: 6
DOD 8500.2: PRRB-1, DCAR-1
DCID 6/3: DCID: B.2.a, Manual: 2.B.4.e(5); 8.E
Position Categorization
ISO/IEC 17799: 8.1.2
NIST 800-26: 6.1.1, 6.1.2
GAO FISCAM: SD-1.2
DCID 6/3: 8.E
Personnel Screening
ISO/IEC 17799: 8.1.2
NIST 800-26: 6.2.1, 6.2.3
GAO FISCAM: SP-4.1
DOD 8500.2: PRAS-1
DCID 6/3: 2.B.7.c(2), 2.B.8.b(5), 8.E
Personnel Termination
ISO/IEC 17799: 8.1.3, 8.3, 11.2.1
NIST 800-26: 6.1.7
GAO FISCAM: SP-4.1
DOD 8500.2: 5.12.7
DCID 6/3: 2.B.9.b(6), 4.B.2.a(3)(e), 8.E
Personnel Transfer
ISO/IEC 17799: 8.3.1, 8.3.3, 11.2.1
NIST 800-26: 6.1.7
GAO FISCAM: SP-4.1
DOD 8500.2: 5.12.7
DCID 6/3: 2.B.9.b(6)
Access Agreements
ISO/IEC 17799: 6.1.5, 8.1.3
NIST 800-26: 6.1.5, 6.2.2
GAO FISCAM: SP-4.1
DOD 8500.2: PRRB-1
DCID 6/3: 1.E.2, 8.E
Third-Party Personnel Security
ISO/IEC 17799: 6.2.1, 6.2.3, 8.1.1, 8.1.2, 8.1.3, 8.2.1, 8.2.2, 11.2.1
GAO FISCAM: SP-4.1
DOD 8500.2: 5.7.10
DCID 6/3: 1.A.1, 8.D, 8.E
Personnel Sanctions
ISO/IEC 17799: 8.2.3, 11.2.1
NIST 800-26: 6.1.5
DOD 8500.2: PRRB-1
DCID 6/3: 4.B.2.a(3)(e), 8.E
Applicable 800-53 Risk Assessment
Risk Assessment Policy and Procedures
ISO/IEC 17799: 4.1, 15.1.1
NIST 800-26: 1
DOD 8500.2: DCAR-1
DCID 6/3: DCID: B.3.a, Manual: 2.B.4.e(5)
Security Categorization
ISO/IEC 17799: 7.2.1
NIST 800-26: 1.1.3, 3.1.1
GAO FISCAM: SP-1, AC-1.1, AC-1.2
DOD 8500.2: E3.4.2
DCID 6/3: 3.C, 3.D, 9.E.2.a(1)(a), 9.E.2.a(1)(d)
Risk Assessment
ISO/IEC 17799: 4, 4.1, 4.2, 6.2.1, 10.10.2, 10.10.5, 12.5.1, 12.6.1, 14.1.1, 14.1.2
NIST 800-26: 1.1.2, 1.1.4, 1.1.5, 1.1.6, 1.2.1, 1.2.2, 1.2.3, 3.1.7, 3.1.8, 4.1.7, 7.1.13, 7.1.19, 12.2.4
GAO FISCAM: SP-1
DOD 8500.2: DCDS-1, DCII-1, E3.3.10
DCID 6/3: 9.B
Risk Assessment Update
ISO/IEC 17799: 4.1
NIST 800-26: 1.1.2, 4.1.2
GAO FISCAM: SP-1
DOD 8500.2: DCAR-1, DCII-1
DCID 6/3: 9.B.4.f, 9.D.1.d
Vulnerability Scanning
ISO/IEC 17799: 12.6.1
NIST 800-26: 10.3.2, 14.2.1
DOD 8500.2: ECMT-1, VIVM-1
DCID 6/3: 4.B.3.a(8)(b), 4.B.3.b(6)(b), 9.B.4.e
Applicable 800-53 System and Services Acquisition
System and Services Acquisition Policy and Procedures
ISO/IEC 17799: 12.1, 15.1.1
NIST 800-26: 3
DOD 8500.2: DCAR-1
DCID 6/3: DCID: B.2.a, Manual: 2.B.4.e(5)
Allocation of Resources
ISO/IEC 17799: 10.3.1
NIST 800-26: 3.1.2, 3.1.3, 3.1.5, 5.1.3
DOD 8500.2: DCPB-1, E3.3.4
DCID 6/3: DCID: C.2.a, Manual: 2.B.4.e(8)
Life Cycle Support
NIST 800-26: 3.1
DOD 8500.2: 5.8.1
DCID 6/3: DCID: B.2.a, Manual: 9.E.2
Acquisitions
ISO/IEC 17799: 12.1.1
NIST 800-26: 3.1.6, 3.1.7, 3.1.10, 3.1.11, 3.1.12
DOD 8500.2: DCAS-1, DCDS-1, DCIT-1, DCMC-1
DCID 6/3: DCID: B.2.a; C.2.a, Manual: 9.B.4
Information System Documentation
ISO/IEC 17799: 10.7.4
NIST 800-26: 3.2.3, 3.2.4, 3.2.8, 12.1.1, 12.1.2, 12.1.3, 12.1.6, 12.1.7
GAO FISCAM: CC-2.1
DOD 8500.2: DCCS-1, DCHW-1, DCID-1, DCSD-1, DCSW-1, ECND-1, DCFA-1
DCID 6/3: 4.B.2.b(2), 4.B.2.b(3), 4.B.4.b(4), 9.C.3
Software Usage Restrictions
ISO/IEC 17799: 15.1.2
NIST 800-26: 10.2.10, 10.2.13
GAO FISCAM: SS-3.2, SP-2.1
DOD 8500.2: DCPD-1
DCID 6/3: 2.B.9.b(11)
User Installed Software
ISO/IEC 17799: 15.1.2
NIST 800-26: 10.2.10
GAO FISCAM: SS-3.2
DCID 6/3: 2.B.9.b(11)
Security Engineering Principles
ISO/IEC 17799: 12.1
NIST 800-26: 3.2.1
DOD 8500.2: DCBP-1, DCCS-1, E3.4.4
DCID 6/3: 1.H.1
Outsourced Information System Services
ISO/IEC 17799: 6.2.1, 6.2.3, 10.2.1, 10.2.2, 10.6.2
NIST 800-26: 12.2.3
DOD 8500.2: DCDS-1, DCID-1 DCIT-1, DCPP-1
DCID 6/3: 1.B.1, 8.C.2, 8.E
Developer Configuration Management
ISO/IEC 17799: 12.5.1, 12.5.2
GAO FISCAM: SS-3.1, CC-3
DCID 6/3: 4.B.4.b(4), 8.C.2.a
Developer Security Testing
ISO/IEC 17799: 12.5.1, 12.5.2
NIST 800-26: 3.2.1, 3.2.2, 10.2.5, 12.1.5
GAO FISCAM: SS-3.1, CC-2.1
DOD 8500.2: E3.4.4
DCID 6/3: 4.B.4.b(4)
Applicable 800-53 System and Communication Protection
System and Communications Protection Policy and Procedures
ISO/IEC 17799: 10.8.1, 15.1.1
DOD 8500.2: DCAR-1
DCID 6/3: DCID: B.2.a, Manual: 2.B.4.e(5)
Application Partitioning
ISO/IEC 17799: 11.4.5
DOD 8500.2: DCPA-1
DCID 6/3: 4.B.3.b(6)(a), 4.B.4.b(8), 5.B.3.b(2)
Security Function Isolation
ISO/IEC 17799: 11.4.5
DOD 8500.2: DCSP-1
DCID 6/3: 4.B.3.b(6)(a), 4.B.4.b(8), 5.B.3.b(1), 5.B.3.b(2)
Information Remnants
ISO/IEC 17799: 10.8.1
GAO FISCAM: AC-3.4
DOD 8500.2: ECRC-1
DCID 6/3: 4.B.2.a(14)
Denial of Service Protection
ISO/IEC 17799: 10.8.4, 13.2.1
DCID 6/3: 6.B.3.a(6)
Resource Priority
DCID 6/3: 6.B.3.a(11)
Boundary Protection
ISO/IEC 17799: 11.4.6
NIST 800-26: 16.2.2, 16.2.7, 16.2.9, 16.2.10, 16.2.11, 16.2.14
GAO FISCAM: AC-3.2
DOD 8500.2: COEB-1, EBBD-1, ECIM-1, ECVI-1
DCID 6/3: 4.B.4.a(27), 5.B.3.a(11)(b), 7.A.3, 7.B, 7.C, 7.D
Transmission Integrity
ISO/IEC 17799: 10.6.1, 10.8.1, 10.9.1
NIST 800-26: 11.2.1, 11.2.4, 11.2.9, 16.2.14
GAO FISCAM: AC-3.2
DOD 8500.2: ECTM-1
DCID 6/3: 5.B.3.a(11)
Transmission Confidentiality
ISO/IEC 17799: 10.6.1, 10.8.1, 10.9.1
DOD 8500.2: ECCT-1
DCID 6/3: 4.B.1.a(8)(a)
Network Disconnect
ISO/IEC 17799: 11.5.6
NIST 800-26: 16.2.6
GAO FISCAM: AC-3.2
DCID 6/3: 4.B.2.a(17)
Trusted Path
ISO/IEC 17799: 10.9.2
NIST 800-26: 16.2.7
DCID 6/3: 4.B.4.a(14)
Cryptographic Key Establishment and Mgmt.
ISO/IEC 17799: 12.3.1, 12.3.2
NIST 800-26: 16.1.7, 16.1.8
DOD 8500.2: IAKM-1
DCID 6/3: 1.G
Use of Validated Cryptography
NIST 800-26: 16.1.7, 16.1.8
DOD 8500.2: IAKM-1, IATS-1
DCID 6/3: 1.G.1
Public Access Protections
ISO/IEC 17799: 10.7.4, 10.9.3
DOD 8500.2: EBPW-1
Collaborative Computing
DOD 8500.2: ECVI-1
DCID 6/3: 7.G
Transmission of Security Parameters
ISO/IEC 17799: 7.2.2, 10.8.2, 10.9.2
NIST 800-26: 16.1.6
GAO FISCAM: AC-3.2
DOD 8500.2: ECTM-2
DCID 6/3: 4.B.1.a(3)
Public Key Infrastructure Certificates
ISO/IEC 17799: 12.3.2
DOD 8500.2: IAKM-1
DCID 6/3: 2.B.4.e(5), 4.B.3.a(11)
Mobile Code
ISO/IEC 17799: 10.4.1, 10.4.2
DOD 8500.2: DCMC-1
DCID 6/3: 2.B.4.e(5), 7.E
Voice Over Internet Protocol
DOD 8500.2: ECVI-1
DCID 6/3: DCID 6/3 2.B.4.d, 9.D.1.a
Secure Name Address Resolution Service (Authoritative Source)
Secure Name Address Resolution Service (Resolution)
Architecture and Provisioning for Name/Address Resolution Service
Session Authenticity
Applicable 800-53 System and Information Integrity
System and Information Integrity Policy and Procedures
ISO/IEC 17799: 15.1.1
NIST 800-26: 11
DOD 8500.2: DCAR-1
DCID 6/3: DCID: B.2.a, Manual: 2.B.4.e(5), 5.B.1.b(1), 5.B.2.a(5)(a)(1)
Flaw Remediation
ISO/IEC 17799: 10.10.5, 12.4.1, 12.5.1, 12.5.2, 12.6.1
NIST 800-26: 10.3.2, 11.1.1, 11.1.2, 11.2.2, 11.2.7
GAO FISCAM: SS-2.2
DOD 8500.2: DCSQ-1, DCCT-1, VIVM-1
DCID 6/3: 5.B.2.a(5)(a)(3), 6.B.2.a(5)
Malicious Code Protection
ISO/IEC 17799: 10.4.1
NIST 800-26: 11.1.1, 11.1.2
DOD 8500.2: ECVP-1, VIVM-1
DCID 6/3: 5.B.1.a(4), 7.B.4.b(1)
Information System Monitoring Tools and Techniques
ISO/IEC 17799: 10.6.2, 10.10.1, 10.10.2, 10.10.4
NIST 800-26: 11.2.5, 11.2.6
DOD 8500.2: EBBD-1, EBVC-1, ECID-1
DCID 6/3: 4.B.2.a(5)(b), 4.B.3.a(8)(b), 6.B.3.a(8)
Security Alerts and Advisories
ISO/IEC 17799: 6.1.7, 10.4.1
NIST 800-26: 14.1.1, 14.1.2, 14.1.5
GAO FISCAM: SP-3.4
DOD 8500.2: VIVM-1
DCID 6/3: 8.B.7
Security Functionality Verification
NIST 800-26: 11.2.1, 11.2.2
GAO FISCAM: SS-2.2
DOD 8500.2: DCSS-1
DCID 6/3: 4.B.1.c(2), 5.B.2.b(2)
Software and Information Integrity
ISO/IEC 17799: 12.2.1, 12.2.2, 12.2.4
NIST 800-26: 11.2.1, 11.2.4
DOD 8500.2: ECSD-2
DCID 6/3: 4.B.1.c(2), 5.B.1.a(3), 5.B.2.a(6)
Spam Protection
DCID 6/3: 5.B.1.a(4)
Information Input Restrictions
ISO/IEC 17799: 12.2.1, 12.2.2
GAO FISCAM: SD-1
DCID 6/3: 2.B.9.b(11)
Information Accuracy, Completeness, Validity, and Authenticity
ISO/IEC 17799: 10.7.3, 12.2.1, 12.2.2
DCID 6/3: 7.B.2.h, 2.B.4.d
Error Handling
ISO/IEC 17799: 12.2.1, 12.2.2, 12.2.3, 12.2.4
DCID 6/3: 2.B.4.d
Information Output Handling and Retention
ISO/IEC 17799: 10.7.3, 12.2.4
DOD 8500.2: PESP-1
DCID 6/3: 2.B.4.d, 8.B.9, 8.G
Introduction
This guide has been created to assist federal agencies in effectively securing systems with Microsoft Windows Vista Firewall based on OMB Federal Desktop Core Configuration recommendations.Under the direction of OMB and in collaboration with DHS, DISA, NSA, USAF, and Microsoft, NIST has provided the following baseline to help agencies test, implement, and deploy the Microsoft Windows Vista Firewall Federal Desktop Core Configuration (FDCC) baseline. The Federal Desktop Core Configuration (FDCC) is an OMB-mandated security configuration.Please refer to the FDCC home page for additional information. http://fdcc.nist.gov
FDCC Other Settings
FDCC has identified the following additional controls that must be checked in order to verify compliance.
Outbound Rules
todo
IPv6 Block of Protocols 41
todo - description needed
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound Rules
CCE-2865-4
CCE-1795
IPv6 Block of UDP 3544
todo - description needed
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound Rules
CCE-3508-9
CCE-1293
Windows Firewall with Advanced Security - Domain Profile
The Domain Profile applies when a computer is connected to a network and authenticates to a domain controller in the domain to which the computer belongs.
domain_profile_log_dropped_packets_var
todo
1
0
1
domain_profile_logged_successful_connections_var
todo
1
0
1
domain_profile_name_var
todo
^%windir%\\system32\\logfiles\\firewall\\[^\.][^\\]*$
^%windir%\\system32\\logfiles\\firewall\\[^\.][^\\]*$
domain_profile_size_limit_var
todo
0
16384
Display a Notification
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
0
0
1
Apply Local Connection Security Rules
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
0
0
1
Apply Local Firewall Rules
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
0
0
1
Allow Unicast Response
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
1
0
1
Firewall state
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
1
1
1
Inbound Connections
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
1
0
1
Outbound Connections
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
0
0
1
Log Dropped Packets
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging
CCE-3260-7
CCE-251
Logged Successful Connections
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging
CCE-3414-0
CCE-617
Name
The log file path and name for the Windows Firewall should be configured correctly for the Domain Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging
CCE-2533-8
CCE-793
Size Limit
The log file size limit for the Windows Firewall should be configured correctly for the Domain Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging
CCE-3299-5
CCE-57
Display a Notification
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Settings\Firewall settings
CCE-4941-1
CCE-1047
Apply Local Connection Security Rules
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Settings\Rule merging
CCE-2977-7
CCE-584
Apply Local Firewall Rules
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Settings\Rule merging
CCE-3457-9
CCE-400
Allow Unicast Response
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Settings\Unicast response
CCE-3436-3
CCE-696
Firewall state
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\State
CCE-3054-4
CCE-806
Inbound Connections
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\State
CCE-2999-1
CCE-249
Outbound Connections
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\State
CCE-3439-7
CCE-485
Windows Firewall with Advanced Security - Private Profile
The Public Profile is the default network location type when the computer is not connected to a domain. Public profile settings should be the most restrictive because the computer is connected to a public network where security cannot be as tightly controlled as within an IT environment.
private_profile_log_dropped_packets_var
todo
1
0
1
private_profile_logged_successful_connections_var
todo
1
0
1
private_profile_name_var
todo
%windir%\system32\logfiles\firewall\publicfirewall
^%windir%\\system32\\logfiles\\firewall\\[^\.][^\\]*$
private_profile_size_limit_var
todo
0
16384
Display a Notification
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
0
0
1
Apply Local Connection Security Rules
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
1
0
1
Apply Local Firewall Rules
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
1
0
1
Allow Unicast Response
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
1
0
1
Firewall state
todo - description needed
1
1
1
Inbound Connections
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
1
0
1
Outbound Connections
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
0
0
1
Log Dropped Packets
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Private Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging
CCE-4597-1
CCE-325
Logged Successful Connections
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Private Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging
CCE-4963-5
CCE-327
Name
The log file path and name for the Windows Firewall should be configured correctly for the Private Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging
CCE-4206-9
CCE-999
Size Limit
The log file size limit for the Windows Firewall should be configured correctly for the Private Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging
CCE-4207-7
CCE-1091
Display a Notification
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Settings\Firewall settings
CCE-3417-3
CCE-38
Apply Local Connection Security Rules
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Settings\Rule merging
CCE-2854-8
CCE-199
Apply Local Firewall Rules
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Settings\Rule merging
CCE-3360-5
CCE-117
Allow Unicast Response
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Settings\Unicast response
CCE-2924-9
CCE-70
Firewall state
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\State
CCE-3373-8
CCE-7
Inbound Connections
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\State
CCE-3395-1
CCE-29
Outbound Connections
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile).
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\State
CCE-3166-6
CCE-32
Windows Firewall with Advanced Security - Public Profile
The Private Profile only applies if a user with local administrator privileges assigns it to a network that was previously set to Public. Microsoft recommends only doing this for a trusted network.
public_profile_log_dropped_packets_var
todo
1
0
1
public_profile_logged_successful_connections_var
todo
1
0
1
public_profile_name_var
todo
%windir%\system32\logfiles\firewall\publicfirewall
^%windir%\\system32\\logfiles\\firewall\\[^\.][^\\]*$
public_profile_size_limit_var
todo
0
16384
Display a Notification
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
1
0
1
Apply Local Connection Security Rules
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
0
0
1
Apply Local Firewall Rules
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
0
0
1
Allow Unicast Response
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
1
0
1
Firewall state
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
1
1
1
Inbound Connections
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
1
0
1
Outbound Connections
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
0
0
1
Log Dropped Packets
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Public Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging
CCE-4507-0
CCE-1165
Logged Successful Connections
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Public Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging
CCE-5128-4
CCE-534
Name
The log file path and name for the Windows Firewall should be configured correctly for the Public Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging
CCE-4639-1
CCE-1263
Size Limit
The log file size limit for the Windows Firewall should be configured correctly for the Public Profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging
CCE-4278-8
CCE-1313
Display a Notification
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Settings\Firewall settings
CCE-2998-3
CCE-390
Apply Local Connection Security Rules
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Settings\Rule merging
CCE-3426-4
CCE-437
Apply Local Firewall Rules
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Settings\Rule merging
CCE-2650-0
CCE-421
Allow Unicast Response
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Settings\Unicast response
CCE-2641-9
CCE-414
Firewall state
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\State
CCE-3246-6
CCE-295
Inbound Connections
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\State
CCE-3263-1
CCE-338
Outbound Connections
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile.
GPO
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\State
CCE-3351-4
CCE-342