How do the NIST recommendations for securing Windows XP in NIST SP 800-68 differ from those in checklists produced by NSA, DISA, Microsoft, and third-party providers?
NIST has collaborated with CIS, DISA, NSA, and Microsoft to produce recommended settings for the various operational environments in which Windows XP is deployed. Nearly all of the recommended settings appear in both NIST SP 800-68 and the other security guides. However, NIST SP 800-68 also reflects changes that apply to federal agencies, so that its settings are consistent with the technical security controls in NIST SP 800-53, FIPS 140-2, etc. NIST recommends that federal agencies start with the NIST SP 800-68 recommendations, customize the baselines to reflect local operational requirements and security policy, and document the differences. NIST does not recommend that agencies make significant changes to the baseline unless such changes make the system more secure or there is a compelling operational requirement.