NIST SP 800-68 R1.2.0 Checklist Details

Supporting Resources:

Target:

Target: Microsoft Windows XP
CPE Name: cpe:/o:microsoft:windows_xp

Checklist Highlights

Checklist Name:
NIST SP 800-68
Checklist ID:
76
Version:
R1.2.0
Type:
Compliance
Review Status:
Archived
Authority:
Governmental Authority: NIST National Vulnerability Database
Original Publication Date:
09/30/2007

Checklist Summary:

THIS CHECKLIST HAS BEEN ARCHIVED. USGCB CONTENT SHOULD BE USED. NIST Special Publication 800-68 has been created to assist IT professionals, in particular Windows XP system administrators and information security personnel, in effectively securing Windows XP Professional SP2 systems. It discusses Windows XP and various application security settings in technical detail. The guide provides insight into the threats and security controls that are relevant for various operational environments, such as for a large enterprise or a home office. It describes the need to document, implement, and test security controls, as well as to monitor and maintain systems on an ongoing basis. It presents an overview of the security components offered by Windows XP and provides guidance on installing, backing up, and patching Windows XP systems. It discusses security policy configuration, provides an overview of the settings in the accompanying NIST security templates, and discusses how to apply additional security settings that are not included in the NIST security templates. It demonstrates securing popular office productivity applications, Web browsers, e-mail clients, personal firewalls, antivirus software, and spyware detection and removal utilities on Windows XP systems to provide protection against viruses, worms, Trojan horses, and other types of malicious code. This list is not intended to be a complete list of applications to install on a Windows XP system, nor does it imply NIST's endorsement of particular commercial off-the-shelf (COTS) products.

Checklist Role:

  • Client Desktop and Mobile Host

Known Issues:

Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. These recommendations should be applied only to Windows XP Professional SP2 systems and will not work on Windows 9X/ME, Windows NT, Windows 2000 or Windows Server 2003. The security templates have been tested on WinXP Professional SP2 systems and will not work on Windows 9X/ME, Windows NT, Windows 2000 or Windows Server 2003. The Specialized Security-Limited Functionality template should not be used by home users and should be used with caution, since it will restrict the functionality and reduce the usability of the system.

Target Audience:

This checklist has been created for IT professionals, particularly Windows XP system administrators and information security personnel. The document assumes that the reader has experience installing and administering Windows-based systems in domain or standalone configurations.

Target Operational Environment:

  • Standalone
  • Managed
  • Specialized Security-Limited Functionality (SSLF)
  • Legacy

Testing Information:

The security templates have been tested on Windows XP Professional SP2 systems and will not work on Windows 9X/ME, Windows NT, Windows 2000 or Windows Server 2003.

Regulatory Compliance:

The recommendations are consistent with the security control baselines advocated in SP 800-53 (NIST FISMA implementation project publication).

Comments/Warnings/Miscellaneous:

Refer to Known Issues.

Disclaimer:

Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guarantees, expressed or implied, about its quality, reliability, or any other characteristic. NIST would appreciate acknowledgement if the document and template are used.

Product Support:

Microsoft will provide best efforts support, in line with the customer's support contract, to assist in removing the worst results of such file permissions, but Microsoft can only guarantee returning to the recommended out-of-the-box settings by reformatting and reinstalling the operating system.

Point of Contact:

itsec@nist.gov

Sponsor:

Chase Carpenter and Kurt Dillard, Microsoft Corporation

Licensing:

This document was developed at the National Institute of Standards and Technology, which collaborated with NSA, DISA, USAF, CIS, and Microsoft to produce the Windows XP security templates. Pursuant to Title 17, Section 105 of the United States Code, this document and template are not subject to copyright protection and are in the public domain.

Change History:

SCAP Content
2009-08-10 - SCAP content replaced with current FDCC content; the FDCC content implements a subset of 800-68 settings.
2007-07-30 - Draft Release

Security Templates (.inf files)
2005-11-02 - Release 1.2.0
2004-08-24 - Draft Update R1.0.2
2004-07-04 - Draft Update R1.0.1
2004-06-24 - Draft Release R1.0

Guidance for Securing Microsoft Windows XP Systems for IT Professionals document
2005-11-02 - Final Release
2004-08-24 - Draft Update
2004-07-04 - Draft Update
2004-06-24 - Draft Release

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 06/01/2017