- This Addendum to Microsoft's Windows 2003 Security Guide and NSA's Guides to Securing Windows 2000 and XP was developed to enhance the confidentiality, integrity, and availability of sensitive Department of Defense (DOD) Automated Information Systems (AISs) using the Windows 2003, 2000, and XP operating systems (OSs). This Addendum is coordinated with the following documents, hereafter collectively known as the Windows Server 2003/XP/2000 Guides:
- Microsoft Solutions for Security, Windows 2003 Security Guide, 2003
- Microsoft Solutions for Security, Threats and Countermeasures: Security Settings in Windows 2003 and Windows XP, 2003
- Microsoft Windows 2003 and XP Specialized Security Limited Functionality Templates
- NSA Guide to Securing Windows 2000 Active Directory, December 2000, Version 1.0
- NSA Guide to Securing Windows 2000 Group Policy, September 2001, Version 1.1
- NSA Guide to Securing Windows 2000 Group Policy: Security Configuration Tool Set, December 2002, Version 1.2
- NSA Guide to Securing Windows 2000 File and Disk Resources, 19 April 2001, Version 1.0
- NSA Guide to Securing Windows XP, December 2003, Version 1.1
The Microsoft Windows 2003 and XP Specialized Security Limited Functionality Templates were developed through the combined efforts of Microsoft, NSA, NIST, DISA FSO, CIS, and other organizations (hereafter referred to as the Consensus Group). They provide a common set of security settings for organizations requiring a highly secure processing environment, such as found in DOD. Each site network/communications infrastructure must provide secure, available, and reliable data for all customers, especially the warfighter. This Addendum is designed to supplement the security guidance provided by the Windows Server 2003/XP/2000 Guides with DOD-specific requirements. This Addendum will assist sites in meeting the minimum requirements standards, controls, and options that must be in place for secure network operations. These minimum security requirements include compliance with the Windows Server 2003/XP/2000 Guides using the Specialized Security - Limited Functionality Templates and the additional requirements defined in this Addendum. Deviations or exceptions will be documented in the appropriate checklist.
- This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore, this guide does not address site-specific configuration issues. The security changes described in this document only apply to Microsoft Windows 2000, 2003 and XP systems and should not be applied to any other Windows versions or operating systems.
You can severely impair or disable a Windows system with incorrect changes or accidental deletions when using programs (examples: Security Configuration Manager, Regedt32.exe, and Regedit.exe) to change the system configuration. Therefore, it is extremely important to test all settings recommended in this guide before installing them on an operational network.
- Developed for the DOD.
Users of this guide should have a working knowledge of Windows 2000, 2003 and XP installation and basic system administration skills.
- It should be noted that FSO Support for the STIGs, Checklists, and Tools is only available to
- NIST checklist record last modified on 09/23/2013