United States Government Configuration Baseline

Modification Log

2017.01.27 - Microsoft Virtual PC Windows 7 32-bit VHD (USGCB-Windows7-VPC-x86-1.1.x.0-20110124.zip) - End of Life (EOL). This VHD is no longer supported and is unavailable.
2015.04.20 - USGCB SCAP 1.2 Content Final Release for Microsoft Windows XP, Windows Vista, Windows 7, Windows XP Firewall, Windows Vista Firewall, Windows 7 Firewall, Internet Explorer 7, and Internet Explorer 8 posted.
2015.02.25 - USGCB SCAP 1.2 Content Release Candidate 1 for Microsoft Windows XP, Windows Vista, Windows 7, Windows XP Firewall, Windows Vista Firewall, Windows 7 Firewall, Internet Explorer 7, and Internet Explorer 8 posted.
2015.02.25 - Removed USGCB SCAP 1.0 data streams.
2014.01.17 - USGCB 1.2.5.0 SCAP Content released for Red Hat Enterprise Linux 5 Desktop.
2014.01.10 - Reminder - as announced in October 2011, FDCC and USGCB content have been versioned to SCAP 1.2 to increase the number of automatically-checked configuration settings, improve the accuracy of configuration setting and patch application scanning, and to keep pace with technology as dictated by vendor progression in operating system and application technologies. On December 31, 2013, support for USGCB content based on SCAP 1.0 expired and maintenance (including monthly patch updates for SCAP 1.0 content) has been discontinued. While authors of SCAP content/checklists may continue to produce and maintain SCAP 1.0 and 1.1 versioned content according to their technology requirements and follow the recommended least version principle for the SCAP content described in SCAP Content Conventions, United States government agencies should not use expired USGCB/FDCC content. Information is available in this section of the USGCB Frequently Asked Question page. This question describes the current releases of SCAP content. These two questions describe the end of maintenance of the SCAP 1.0 content, including monthly USGCB patch updates. These three questions provide additional guidance to federal agencies regarding USGCB, and these two questions provide information about migration to SCAP 1.2.
2014.01.10 - As described in previous notifications to product vendors and validation laboratories, SCAP 1.0 validations expired on December 31, 2013. Only SCAP 1.2 product validations will be considered beginning January 1, 2014. Products which have completed SCAP 1.2 validation are posted on the Validated Products and Modules. Additional information is provided in the Security Content Automation Protocol (SCAP) Validation FAQ.
2013.12.17 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.12.17 - USGCB 1.1.5.0 SCAP Content released for Red Hat Enterprise Linux 5 Desktop.
2013.11.19 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.10.22 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.09.20 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.08.30 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.08.09 - As announced on 2013.06.03, NIST has released a supplemental USGCB SCAP 1.0 content for Windows due to an issue that has been identified with the current content. For users who are experiencing directory server performance issues caused by the existing USGCB content, the supplemental USGCB SCAP 1.0 content is available for download at Supplemental USGCB SCAP 1.0 Content.
2013.07.31 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.06.25 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.06.03 - NIST is releasing supplemental USGCB SCAP 1.0 content for Windows due to an issue that has been identified with the current content. This issue may cause excessive directory server performance degradation or system failure. The supplemental content will use an alternate method for checking the file effective rights in the USGCB content that avoids the performance issue. Although this alternate method is a valid SCAP 1.0 checking method, it was not part of the SCAP 1.0 Validation Program; therefore, NIST cannot post the content as Tier IV content as defined by SP 800-70rev2. For users who are experiencing directory server performance issues caused by the existing USGCB content, the supplemental USGCB SCAP 1.0 content will be available on the NIST USGCB web site within two months of the publication date of this notice.
2013.05.29 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.04.29 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.03.21 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.02.23 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2013.01.22 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.12.28 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.12.05 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.11.28 - SCAP 1.2 (Oval 5.10) content signature updated; no other change to content.
2012.10.31 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.08.17 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.07.30 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.06.15 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.05.21 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.04.23 - SCAP 1.2 data streams now available for all USGCB-supported Microsoft products.
2012.04.23 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.03.22 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.02.23 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.02.10 - Updated documentation for USGCB settings.
2012.01.23 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2011.11.14 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7 Firewall, Windows 7, Windows Vista Firewall, Windows Vista, Windows XP Firewall, and Windows XP.
2011.11.10 - USGCB GPOs updated for Internet Explorer 8, Internet Explorer 7, Windows 7 Firewall, Windows 7, Windows Vista Firewall, Windows Vista, Windows XP Firewall, and Windows XP.
2011.11.08 - USGCB 1.0.5.0 SCAP Content updated for Red Hat Enterprise Linux 5 Desktop. Removed version information in the filenames of the USGCB settings and known issues.
2011.10.26 - USGCB Major Version 1.2.x.0 VHDs released for Windows 7. USGCB Major Version 2.0.x.0 GPOs released for Windows 7. USGCB Settings and Known Issues renamed to exclude version information.
2011.10.26 - USGCB Patch Content updated for Major Version 2.0.x.0 for Microsoft Windows XP and Internet Explorer 7 and Major Version 1.2.x.0 for Microsoft Windows 7, Windows 7 Firewall, and Internet Explorer 8.
2011.10.17 - Released 2.0.x.0 for Microsoft Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, and Internet Explorer 7 and 1.2.x.0 for Microsoft Windows 7, Windows 7 Firewall, and Internet Explorer 8.
2011.10.03 - Fixed versioning for Microsoft Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, and Internet Explorer 7 from 1.2.x.0-Alpha-Candidate to 2.0.x.0-Alpha-Candidate, for Microsoft Windows 7, Windows 7 Firewall, and Internet Explorer 8 from 2.0.x.0 to 1.2.x.0, and for Red Hat Enterprise Linux 5 Desktop from 1.1.2.0 to 1.0.5.0.
2011.09.30 - USGCB 1.0.5.0 SCAP Content, Kickstart Configuration, and Documentation released for Red Hat Enterprise Linux 5 Desktop.
2011.09.26 - Registration is now open for the 7th Annual IT Security Automation Conference taking place in Arlington (Crystal City), Virginia from October 31 to November 2, 2011. Please visit SCAP Events for the draft agenda, conference announcement, and registration link. The 3-day event includes tutorials, tracks, workshops, and vendor expo.
2011.09.21 - USGCB Major Version 2.0.x.0-Alpha-Candidate SCAP Content released for Internet Explorer 7, Windows Vista, Windows Vista Firewall, Windows XP, and Windows XP Firewall. USGCB Major Version 2.0.x.0 SCAP Content released for Internet Explorer 8, Windows 7, and Windows 7 Firewall.
2011.08.18 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.07.27 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.07.26 - USGCB Beta-Candidate Puppet Modules updated for Red Hat Enterprise Linux 5 Desktop.
2011.07.06 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.04.28 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.03.31 - USGCB Beta-Candidate Kickstart Configuration released for Red Hat Enterprise Linux 5 Desktop.
2011.03.29 - USGCB Beta-Candidate SCAP Content, Puppet Modules, and Documentation released for Red Hat Enterprise Linux 5 Desktop.
2011.03.18 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.02.28 - USGCB Alpha-Candidate SCAP Content, Configuration Support Files, and Documentation released for Red Hat Enterprise Linux 5 Desktop.
2011.02.22 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.02.04 - USGCB Major Version 1.1.x.0 GPOs released for Internet Explorer 8, Windows 7, and Windows 7 Firewall. USGCB Major Version 1.1.x.0 VHDs released for Windows 7.
2011.01.31 - NIST updated the SCAP Validation Program to include USGCB test requirements and test tools. Accredited laboratories are now able to validate product capability to process USGCB SCAP content and produce SCAP compliant results.
2011.01.31 - USGCB Major Version 1.1.x.0 SCAP Content released for Internet Explorer 8, Windows 7, and Windows 7 Firewall.

This release includes updated documentation for USGCB settings and known issues. Please note that distinct content for the X86 and AMD64 platform architectures have been combined into a single stream that works on both platforms.
2011.01.20 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.01.07 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2010.11.17 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2010.11.16 - USGCB Settings Spreadsheet updated. This version includes about 12 typographical corrections. There are no changes to the setting values.
2010.11.09 - USGCB/FDCC Comparison Spreadsheets for Windows and Internet Explorer updated.
2010.11.03 - USGCB GPOs, Patch Content, and VHDs updated for Windows 7.
USGCB Policy
- No changes were made to the USGCB Policy.
GPOs
- Removed all Alpha and Beta instances in XML results file.
SCAP Content
- OVAL - Corrected the registry value name for the "Do not process the run once list" (CCE-10154-3).
- XCCDF - Corrected the value mapping table for "Allow users to connect remotely using Remote Desktop Services" (CCE-9985-3).
VHDs
- Added VHD for Virtual PC
- Updated VHDs to include all October Updates
2010.10.27 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2010.10.20 - USGCB VHDs and GPOs posted for Internet Explorer 8, Windows 7, and Windows 7 Firewall. The settings in the VHDs and GPOs have not changed with respect to the final USGCB policy released in August.
2010.09.30 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2010.09.24 - USGCB Major Version 1.0.x.0 released for Windows 7, Windows 7 Firewall, and Internet Explorer 8. The previous USGCB beta settings has been approved by the Federal CIO Council's Architecture and Infrastructure Committee's (AIC) Technology Infrastructure Subcommittee (TIS) for release as the first USGCB Major Version; please note that USGCB settings have not changed since the previous beta release.

This release includes updated documentation for USGCB settings and known issues. Also included in this release is updated SCAP content for Windows 7, Windows 7 Firewall, and Internet Explorer 8. A new SCAP data stream has been added to the Windows 7 SCAP Content; this new stream captures settings specific to USGCB energy conservation policy.
2010.08.31 - Beta USGCB Settings released for Windows 7, Windows 7 Firewall, and Internet Explorer 8. The updates to these Beta settings were based on feedback collected from numerous federal agencies during a public comment period for the Alpha USGCB settings. NIST, at the request of the Federal CIO Council's Architecture and Infrastructure Committee's (AIC) Technology Infrastructure Subcommittee (TIS), evaluated this feedback and updated the USGCB settings where appropriate. A detailed change log describing all setting updates can be found in the USGCB Beta Settings Spreadsheet.

Also included in this release are the supporting material for implementing and verifying the Beta USGCB Settings on Windows 7, Windows 7 Firewall, and Internet Explorer 8. This includes updated SCAP Content, GPOs, and VHDs.
2010.08.20 - Alpha USGCB Content for August 2010 updated for Windows 7 and Internet Explorer 8.
2010.08.09 - Alpha USGCB Content for August 2010 released for Windows 7 and Internet Explorer 8.
2010.08.03 - Alpha USGCB Content for August 2010 released for Windows 7 and Windows 7 Firewall.
2010.07.28 - Registration is now open for the 6th Annual IT Security Automation Conference taking place in Baltimore Inner Harbor on September 27-29, 2010. Please visit SCAP events for the draft agenda, conference announcement, and registration link. The 3-day event includes tutorials, tracks, workshops, and vendor expo.
2010.07.20 - Alpha USGCB Content for July 2010 released for Windows 7 and Internet Explorer 8.
2010.06.30 - USGCB/FDCC Comparison Spreadsheets for Windows and Internet Explorer posted.
2010.06.16 - Alpha USGCB Content for June 2010 released for Windows 7 and Internet Explorer 8.
2010.05.28 - Alpha USGCB Content for Windows 7 and Windows 7 Firewall updated to include setting documentation, SCAP content bug fixes, GPO bug fixes and VHD bug fixes. Please note that no USGCB setting values have changed, this update includes only bug fixes and improved documentation. Also included in this update are non-machine readable CCE to NIST SP 800-53 policy control mappings, which can be found in USGCB Alpha Settings spreadsheet. Please note that these non-machine readable mappings will be removed when the machine-readable mappings are distributed.
2010.04.23 - Alpha USGCB Settings, Content, VHDs, and FAQ released for Windows 7, Windows 7 Firewall, and Internet Explorer 8.

Project Links

Additional Pages

Official Memoranda Modification Log USGCB Content Microsoft Content Windows 7 Windows 7 Firewall Windows Vista Windows Vista Firewall Windows XP Windows XP Firewall Internet Explorer 8 Internet Explorer 7 Virtual Hard Disks RedHat Content RHEL 5 Disclaimer

Contacts

USGCB Inquiries
usgcb@nist.gov

Information Technology Laboratory

Computer Security Resource Center

Computer Security Resource Center

United States Government Configuration Baseline USGCB

Project Links

Modification Log

Project Links

Additional Pages

Contacts

Group

Topics

Related Projects

Additional Pages

Contacts

Group

Topics

Related Projects