
NIST SP 800-68 on Windows XP and the Microsoft Windows Vista Security Guide both delineate baseline configuration settings for environments including the Enterprise and Specialized Security-Limited Functionality (SSLF) environments. Which should I use?



Federal civilian agencies and other organizations should start with the Enterprise version for most of their managed desktop machines. The Enterprise baseline, as described in NIST SP 800-70, reflects the typical federal civilian operational environment, while the SSLF baseline tracks closely with the DoD operational environment. NIST recommends that federal civilian agencies start with the Enterprise baseline, customize it to reflect their local operational requirements and security policy (e.g., appropriate logon banner, access control mechanisms) and test it with their enterprise applications before pushing these settings out to their managed systems. They should document all changes that were made to the baseline as part of their configuration change control process. SSLF settings may be necessary when the system operates in a high impact environment, or when the agency determines this level is necessary to adequately secure government information.
