Special Publication (SP) 800-68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals, has been published as final. It seeks to assist IT professionals in securing Windows XP Professional systems running Service Pack 2 or 3. The guide provides detailed information about the security features of Windows XP and security configuration guidelines. SP 800-68 Revision 1 updates the original version of SP 800-68, which was released in 2005.

The NIST Windows Security Baseline Database contains information on security setting baselines for Microsoft Windows XP, Windows Vista, Internet Explorer 7 (IE7), and Windows Firewall that are specified in NIST security templates and in the Federal Desktop Core Configuration (FDCC) Major Version 1.0. The database allows interested parties to view security settings by baseline or by policy (e.g., FDCC), as well as to compare baselines to each other. The information in the database is intended to supplement Draft SP 800-68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals.

NIST has collaborated with the Defense Information Systems Agency (DISA), the National Security Agency (NSA), and Microsoft Corporation to produce Microsoft's Windows Vista baseline security settings for the Enterprise (EC) and Specialized Security/ Limited Functionality (SSLF) environments. These recommended baselines/profiles are represented in the Microsoft Vista security guide. NIST also collaborated with industry to produce the XML representation of the recommended profiles in Extensible Configuration Checklist Description Format (XCCDF) and the Open Vulnerability and Assessment Language (OVAL).

Comments and questions may be addressed to checklists@nist.gov.

NIST is pleased to announce the release of the Special Publication 800-69, Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist. SP 800-69 provides guidance to home users, such as telecommuting Federal employees, on improving the security of their home computers that run Windows XP Home Edition. Home computers face many threats from people wanting to cause mischief and disruption, commit fraud, and perform identity theft. The publication
explains the need to use a combination of security protections, such as antivirus software, antispyware software, a personal firewall, limited
user accounts, and automatic software updates, to secure a computer against threats and maintain its security. It also emphasizes the importance of performing regular backups to ensure that user data is available after an adverse event such as an attack against the computer, a hardware failure, or human error. The publication contains detailed step-by-step directions for securing Windows XP Home Edition computers that can be performed by experienced Windows XP Home Edition users.

Comments and questions may be addressed to to itsec@nist.gov.

NIST Special Publication 800-68 has been created to assist IT professionals, in particular Windows XP system administrators and information security personnel, in effectively securing Windows XP Professional SP2 systems. It discusses Windows XP and various application security settings in technical detail.The guide provides insight into the threats and security controls that are relevant for various operational environments, such as for a large enterprise or a home office. It describes the need to document, implement, and test security controls, as well as to monitor and maintain systems on an ongoing basis. It presents an overview of the security components offered by Windows XP and provides guidance on installing, backing up, and patching Windows XP systems. It discusses security policy configuration, provides an overview of the settings in the accompanying NIST security templates, and discusses how to apply additional security settings that are not included in the NIST security templates. It demonstrates securing popular office productivity applications, Web browsers, e-mail clients, personal firewalls, antivirus software, and spyware detection and removal utilities on Windows XP systems to provide protection against viruses, worms, Trojan horses, and other types of malicious code. This list is not intended to be a complete list of applications to install on Windows XP system, nor does it imply NIST's endorsement of particular commercial off-the-shelf (COTS) products.

Comments and questions may be addressed to itsec@nist.gov.

The Systems Administration Guidance for Windows 2000 Professional publication is intended to assist the users and system administrators of Windows 2000 Professional systems in configuring their hosts by providing configuration templates and security checklists. The guide provides detailed information about the security features of Win2K Pro, security configuration guidelines for popular applications, and security configuration guidelines for the Win2K Pro operating system. The guide documents the methods that the system administrators can use to implement each security setting. The principal goal of the document is to recommend and explain tested secure settings for Win2K Pro workstations with the objective of simplifying the administrative burden of improving the security of Win2K Pro systems.

This guidance document also includes recommendations for testing and configuring common Windows applications. The application types include electronic mail (e-mail) clients, Web browsers, productivity applications, and antivirus scanners. This list is not intended to be a complete list of applications to install on Windows 2000 Professional, nor does it imply NIST's endorsement of particular commercial off-the-shelf (COTS) products. Many of the configuration recommendations for the tested Windows applications focus on deterring viruses, worms, Trojan horses, and other types of malicious code. The guide presents recommendations to protect the Windows 2000 Professional system from malicious code when the tested applications are being used.

Comments and questions may be addressed to itsec@nist.gov.