The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration mandate. The USGCB is a Federal government-wide initiative that provides guidance to agencies on what should be done to improve and maintain an effective configuration settings focusing primarily on security.
This checklist represents the USGCB guidance for Microsoft Windows Vista Firewall.
Spreadsheet containing known issues can be found at http://usgcb.nist.gov/usgcb/microsoft_content.html, under the "Documentation" column.
US Federal Agencies.
Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows 7 Ultimate 32-bit, Windows 7 Ultimate 64-bit, Windows 7 Enterprise x86, and Windows 7 Enterprise x64. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.
The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.
These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Microsoft to produce the Windows 7, Windows 7 Firewall, Internet Explorer 8 USGCB. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.
04/24/2015 - USGCB SCAP 1.2 content release
11/28/2012 - USGCB OVAL 5.10 patch content added.
05/21/2012 - USGCB OVAL 5.3 & 5.4 patch content updated.
04/23/2012 - USGCB OVAL 5.3 & 5.4 patch content updated. USGCB OVAL 5.10 patch content added.
03/22/2012 - Content bundle repackaged, no content changes.
01/23/2012 - USGCB OVAL 5.3 & 5.4 patch content updated.
11/14/2011 - USGCB OVAL 5.3 & 5.4 patch content updated.
11/10/2011 - USGCB GPOs updated.
10/17/2011 - Major Version 2.0 released
04/08/2009 - Major Version 1.2 released
10/31/2008 - Major Version 126.96.36.199 released
06/20/2008 - Major Version 1.0 released
23 January 2012 - USGCB major version 2.0.x.0 SCAP content posted.
Removed SCAP 1.0 Content - 26 January 2015
Updated Links to CRSC website - 03/30/2018
NIST checklist record last modified on 03/30/2018