Windows XP STIG Version 6, Release 1.34 Checklist Details
NOTE
This is not the current revision of this Checklist.
SCAP 1.0 Content:
- Download SCAP 1.0 Content - Windows XP STIG Benchmark
- Author: Defense Information Systems Agency
Target:
Target | CPE Name |
---|---|
Microsoft Windows XP | cpe:/o:microsoft:windows_xp |
Checklist Highlights
- Checklist Name: Windows XP STIG
- Checklist ID: 337
- Version: Version 6, Release 1.34
- Type: Compliance
- Review Status: Under Review
- Authority: Governmental Authority: Defense Information Systems Agency
- Original Publication Date: 02/23/2011
Checklist Summary:
The Microsoft Windows XP SRR targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or may lead to interruption of production operations. Sites are required to secure the Microsoft Windows XP operating system in accordance with DOD Directive 8500.1, Section 4.18. The checks in this document were developed from DISA and NSA guidelines specified in the above reference. Additionally, the review ensures the site has properly installed and implemented the Windows XP operating system and that it is being managed in a way that is secure, efficient, and effective. The items reviewed are based on standards and requirements published by DISA in the Security Handbook and other DoD Policy and regulations. The results of the SRR scripts will coincide with the Windows XP SRR Checklist with the following: F - Finding, N/F - Not A Finding, N/A - Not Applicable, MR - Manual Review, or NR - Not Reviewed.
This document is designed to instruct the reviewer on how to assess XP Professional configurations in a Windows NT 4, Windows 2000, or Windows 2003 domain. In addition, the security settings recommended can also be used to configure Group Policy in a Windows 2000 or Windows 2003 Active Directory environment.
The Windows XP Security Checklist is composed of five major sections and five appendices:
- Section 1: This section contains summary information about the sections and appendices that comprise the Windows XP Security Checklist, and defines its scope. Supporting documents consulted are listed in this section.
- Section 2: This section is the matrix that allows the reviewer to document vulnerabilities discovered during the SRR process. The entries in this table are mapped to procedures in Sections 3 and 5.
- Section 3: This section contains the administrative issues that are discussed between the reviewer and the System Administrator or the Information Systems Security Officer (IAO). The interview outlined in this section may be performed independent of the technical review discussed in Sections 4 and 5.
- Section 4: This section contains summary information for running the Gold Disk.
- Section 5: This section documents the procedures that instruct the reviewer on how to perform an SRR manually, and to interpret the program output for vulnerabilities. Each procedure maps to a PDI tabulated in Section 2.
- Appendix A: This appendix documents the allowed Access Control Lists (ACLs) for file and registry objects. The tables contained in this section are referenced in Sections 4 and 5.
- Appendix B: This appendix contains checks for IAVM compliance to be done against a Windows XP machine.
- Appendix C: This appendix provides information for the use of Microsoft tools for analyzing group policy.
- Appendix D: This appendix documents the procedures for creating assets and importing findings into VMS 6.0.
- Appendix E: This appendix identifies Windows specific requirements from JTF-GNO CTOs.
Checklist Role:
- Desktop Operating System
Known Issues:
The Access Control Lists (ACLs) on a system under review may differ from the recommendations specified in Appendix A. If the reviewed ACL is more restrictive, or if an equivalent user group is identified, there is no problem. If a specific application requires less restrictive settings, these must be documented with the site ISSO.
Target Audience:
Developed for the DOD. This document is intended for IAOs, SAs, IAMs, NSOs, and others who are responsible for the configuration, management, or support of information systems. It assumes that the reader has knowledge of the Windows XP operating system and is familiar with common computer terminology.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Not provided.
Regulatory Compliance:
DOD Directive 8500.
Comments/Warnings/Miscellaneous:
Please refer to the Checklist or the README.txt files provided with the scripts for any comments, warnings, or detailed instructions.
Disclaimer:
Not provided.
Product Support:
It should be noted that FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers.
Point of Contact:
Not provided.
Sponsor:
Not provided.
Licensing:
Not provided.
NIST checklist record last modified on 06/29/2011
* This checklist is still undergoing review for inclusion into the NCP.