In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.rip. At that time, links to this legacy site will be automatically redirected to appropriate links on the new site.


Security Configuration Settings

As part of a holistic risk management strategy and applying the information security concept of defense-in-depth, organizations should employ appropriate configuration settings on commercial information technology products that compose their organizational information systems. These products include, for example, mainframe computers, workstations, portable and mobile devices, and network components. Requirements to establish mandatory configuration settings derive from the Federal Information Security Management Act as implemented by FIPS 200 and NIST Special Publication 800-53 (Security Control CM-6, Configuration Settings), and OMB Policy. The following links provide important information for organizations implementing configuration settings on their information system components: