National Vulnerability Database

National Vulnerability Database

National Vulnerability

Microsoft Windows Vista Security Checklist Version 6 Release 1.19 Checklist Details (Checklist Revisions)

SCAP 1.0 Content:

Machine-Readable CCE to 800-53 Data Stream

Supporting Resources:


    Target CPE Name
    Microsoft Windows Vista cpe:/o:microsoft:windows_vista (View CVEs)
    Microsoft Internet Explorer cpe:/a:microsoft:ie (View CVEs)

    Checklist Highlights

    Checklist Name:
    Microsoft Windows Vista Security Checklist
    Checklist ID:
    Version 6 Release 1.19
    Review Status:
    Governmental Authority: Defense Information Systems Agency
    Original Publication Date:

    Checklist Summary:

    This document is designed to instruct the reviewer on how to assess Windows Vista configurations in a Windows domain. In addition, the security settings recommended can also be used to configure Group Policy in a Windows Active Directory environment.

    Checklist Role:

    • Operating System

    Known Issues:

    Not provided.

    Target Audience:

    DISA Field Security Operations- Sites are required to secure the Microsoft Windows Vista operating system in accordance with DoD Directive 8500.1, Section 4.18 (and related footnote). The checks in this document were developed from DISA and NSA guidelines specified in the above reference, as well as the Windows Server 2003/XP/Vista security guides and security templates published by the Microsoft Corporation.

    Target Operational Environment:

    • Managed

    Testing Information:

    Not provided.

    Regulatory Compliance:

    Not provided.


    The settings in this checklist are directed towards securing a native Windows environment (i.e. Windows 2000 or later OSs). If the environment is a mixed one, with down-level OSs, or maintains trusts with down-level OSs, then the following checks should be reviewed. Configuring them to the required setting could cause compatibility problems.


    Not provided.

    Product Support:

    Not provided.

    Point of Contact:


    Not provided.


    Not provided.

    Change History:

    Added point of contact - 04 January 2015
    No Resources Verified
    moved to archive status - 4/15/19


    URL Description


    Reference URL Description

    NIST checklist record last modified on 04/15/2019