U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

CIS Windows XP Professional Benchmark v3.1.0 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Microsoft Windows XP Professional cpe:/o:microsoft:windows_xp:::professional (View CVEs)

Checklist Highlights

Checklist Name:
CIS Windows XP Professional Benchmark
Checklist ID:
77
Version:
v3.1.0
Type:
Compliance
Review Status:
Final
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
08/01/2005

Checklist Summary:

This document is a security benchmark for the Microsoft Windows XP Professional operating system for workstations. It reflects the content of the Consensus Baseline Security Settings document developed by the National Security Agency (NSA), the Defense Information Systems Agency (DISA), The National Institute of Standards and Technology (NIST), the General Services Administration (GSA), The SANS Institute, and the staff and members of the Center for Internet Security (CIS). Section 1 of this guide is a summary checklist of the configuration settings that constitute a Windows XP Professional compliant computer system. Appendix A is a questionnaire that can be used to put the trade-offs into perspective for each of the settings involved. Section 2 of this guide is written to provide contextual descriptions of each requirement for this benchmark. It gives plain-text details of what the setting means, why it is restricted, and what the consequences of restricting that setting may be. It covers the same information as Section 1 in greater detail.

Checklist Role:

  • Desktop Client

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

  • Managed

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Refer to Known Issues.

Disclaimer:

Proper use of the recommendations requires careful analysis and adaptation to specific user requirements. The recommendations are not in any way intended to be a quick fix for anyones information security needs. CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative effect of the products or the recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness or completeness of any product or recommendation. CIS is providing the products and the recommendations as is and as available without representations, warranties or covenants of any kind.

Product Support:

Not provided.

Point of Contact:

[email protected]

Sponsor:

Not provided.

Licensing:

Not provided.

Change History: 

Updated references - 5/1/18
updated reference links - 9/10/2018
Updated URL - 7/26/19
updated to 3.1.0  - 1/3/2020
updated ref links - 9/19/2022

Dependency/Requirements:

URL Description
https://learn.microsoft.com/en-us/previous-versions/tn-archive/cc163061(v=technet.10) Windows XP Security Compliance Management Toolkit
https://learn.microsoft.com/en-us/previous-versions/tn-archive/cc163140(v=technet.10) Windows Server 2003 Security Compliance Management Toolkit
https://learn.microsoft.com/en-us/previous-versions/tn-archive/dd162275(v=technet.10) Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP
https://www.cisecurity.org The Center for Internet Security
https://www.microsoft.com/en-us/security?rtc=1 Microsoft Windows Security
https://www.sans.org The SANS Institute

References:

Reference URL Description

NIST checklist record last modified on 09/19/2022