U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

Windows NT Security Checklist Version 4, Release 1.21 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Microsoft Windows NT 4.0 cpe:/o:microsoft:windows_nt:4.0 (View CVEs)

Checklist Highlights

Checklist Name:
Windows NT Security Checklist
Checklist ID:
130
Version:
Version 4, Release 1.21
Type:
Compliance
Review Status:
Archived
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
07/28/2006

Checklist Summary:

The Microsoft Windows NT SRR targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or may lead to interruption of production operations. Sites are required to secure the Microsoft Windows NT operating system in accordance with DOD Directive 8500.1, Section 4.18. The checks in this document were developed from DISA and NSA guidelines specified in the above reference. Additionally, the review ensures the site has properly installed and implemented the Windows NT operating system and that it is being managed in a way that is secure, efficient, and effective. The items reviewed are based on standards and requirements published by DISA in the Security Handbook and other DoD Policy and regulations. The results of the SRR scripts will coincide with the Windows NT SRR Checklist with the following: F- Finding, N/F- Not A Finding, N/A- Not Applicable, MR -Manual Review, or NR - Not Reviewed. This document is designed to instruct the reviewer on how to assess both the workstation and server configurations. In addition, the procedures account for the optional domain-controller configuration of devices running Windows NT Server. The Windows NT Security Checklist is composed of five major sections and four appendices: - Section 1: This section contains summary information about the sections and appendices that comprise the Windows NT Security Checklist, and defines its scope. Supporting documents consulted are listed in this section. - Section 2: This section is the matrix that allows the reviewer to document vulnerabilities discovered during the SRR process. Section 2A is used for a review done using the WinBatch SRR scripts. Section 2B is used for manual SRRs. The entries in this table, sorted by Potential Discrepancy Item (PDI), are mapped to procedures - referenced by paragraph number - in Sections 3, 4, and 5. - Section 3: This section contains the administrative issues that are discussed between the reviewer and the System Administrator or the Information Systems Security Officer (ISSO). The interview outlined in this section may be performed independent of the technical review discussed in Sections 4 and 5. - Section 4: This section documents the procedures that instruct the reviewer on how to perform an SRR using the automation scripts, and to interpret the script output for vulnerabilities. Each procedure maps to a PDI tabulated in Section 2. - Section 5: This section documents the procedures that instruct the reviewer on how to perform an SRR manually, and to interpret the program output for vulnerabilities. Each procedure maps to a PDI tabulated in Section 2. - Appendix A: This appendix documents the allowed Access Control Lists (ACLs) for file and registry objects. The tables contained in this section are referenced in Sections 4 and 5. - Appendix B: This appendix documents procedures for checking compliance with specific IAVM notices applicable to Windows NT. - Appendix C: This appendix documents the WinBatch scripts used to perform an SRR. The scripts documented here are referenced in Section 4. - Appendix D: This appendix documents the procedures for using the John the Ripper password integrity utility.

Checklist Role:

  • Desktop and Server Operating System

Known Issues:

Not provided.

Target Audience:

Developped for the DOD. This document is intended for IAOs, SAs, IAMs, NSOs, and others who are responsible for the configuration, management, or support of information systems. It assumes that the reader has knowledge of the Windows NT operating system and is familiar with common computer terminology.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DOD Directive 85

Comments/Warnings/Miscellaneous:

Please refer to the Checklist or the README.txt files provided with the scripts for any comments, warnings, or detailed instructions.

Disclaimer:

Not provided.

Product Support:

It should be noted that FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History: 

Checklist being hidden because content is no longer available
Added point of contact

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 05/01/2019