The United States Government Configuration Baseline (USGCB)

USGCB

The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration mandate. The USGCB is a Federal government-wide initiative that provides guidance to agencies on what should be done to improve and maintain an effective configuration settings focusing primarily on security.

Official Memoranda

The following memoranda provide official guidance relating to the USGCB initiative:

News

2013.01.22 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.12.28 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.12.05 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.11.28 - SCAP 1.2 (Oval 5.10) content signature updated; no other change to content.
2012.10.31 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.08.17 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.07.30 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.06.15 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.05.21 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.04.23 - SCAP 1.2 data streams now available for all USGCB-supported Microsoft products.
2012.04.23 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.03.22 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.02.23 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2012.02.10 - Updated documentation for USGCB settings.
2012.01.23 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7, Windows Vista, and Windows XP.
2011.11.14 - USGCB Patch Content updated for Internet Explorer 8, Internet Explorer 7, Windows 7 Firewall, Windows 7, Windows Vista Firewall, Windows Vista, Windows XP Firewall, and Windows XP.
2011.11.10 - USGCB GPOs updated for Internet Explorer 8, Internet Explorer 7, Windows 7 Firewall, Windows 7, Windows Vista Firewall, Windows Vista, Windows XP Firewall, and Windows XP.
2011.11.08 - USGCB 1.0.5.0 SCAP Content updated for Red Hat Enterprise Linux 5 Desktop. Removed version information in the filenames of the USGCB settings and known issues.
2011.10.26 - USGCB Major Version 1.2.x.0 VHDs released for Windows 7. USGCB Major Version 2.0.x.0 GPOs released for Windows 7. USGCB Settings and Known Issues renamed to exclude version information.
2011.10.26 - USGCB Patch Content updated for Major Version 2.0.x.0 for Microsoft Windows XP and Internet Explorer 7 and Major Version 1.2.x.0 for Microsoft Windows 7, Windows 7 Firewall, and Internet Explorer 8.
2011.10.17 - Released 2.0.x.0 for Microsoft Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, and Internet Explorer 7 and 1.2.x.0 for Microsoft Windows 7, Windows 7 Firewall, and Internet Explorer 8.
2011.10.03 - Fixed versioning for Microsoft Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, and Internet Explorer 7 from 1.2.x.0-Alpha-Candidate to 2.0.x.0-Alpha-Candidate, for Microsoft Windows 7, Windows 7 Firewall, and Internet Explorer 8 from 2.0.x.0 to 1.2.x.0, and for Red Hat Enterprise Linux 5 Desktop from 1.1.2.0 to 1.0.5.0.
2011.09.30 - USGCB 1.0.5.0 SCAP Content, Kickstart Configuration, and Documentation released for Red Hat Enterprise Linux 5 Desktop.
2011.09.26 - Registration is now open for the 7th Annual IT Security Automation Conference taking place in Arlington (Crystal City), Virginia from October 31 to November 2, 2011. Please visit http://scap.nist.gov/events/index.html for the draft agenda, conference announcement, and registration link. The 3-day event includes tutorials, tracks, workshops, and vendor expo.
2011.09.21 - USGCB Major Version 2.0.x.0-Alpha-Candidate SCAP Content released for Internet Explorer 7, Windows Vista, Windows Vista Firewall, Windows XP, and Windows XP Firewall. USGCB Major Version 2.0.x.0 SCAP Content released for Internet Explorer 8, Windows 7, and Windows 7 Firewall.
2011.08.18 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.07.27 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.07.26 - USGCB Beta-Candidate Puppet Modules updated for Red Hat Enterprise Linux 5 Desktop.
2011.07.06 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.04.28 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.03.31 - USGCB Beta-Candidate Kickstart Configuration released for Red Hat Enterprise Linux 5 Desktop.
2011.03.29 - USGCB Beta-Candidate SCAP Content, Puppet Modules, and Documentation released for Red Hat Enterprise Linux 5 Desktop.
2011.03.18 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.02.28 - USGCB Alpha-Candidate SCAP Content, Configuration Support Files, and Documentation released for Red Hat Enterprise Linux 5 Desktop.
2011.02.22 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.02.04 - USGCB Major Version 1.1.x.0 GPOs released for Internet Explorer 8, Windows 7, and Windows 7 Firewall. USGCB Major Version 1.1.x.0 VHDs released for Windows 7.
2011.01.31 - NIST updated the SCAP Validation Program to include USGCB test requirements and test tools. Accredited laboratories are now able to validate product capability to process USGCB SCAP content and produce SCAP compliant results.
2011.01.31 - USGCB Major Version 1.1.x.0 SCAP Content released for Internet Explorer 8, Windows 7, and Windows 7 Firewall.

This release includes updated documentation for USGCB settings and known issues. Please note that distinct content for the X86 and AMD64 platform architectures have been combined into a single stream that works on both platforms.
2011.01.20 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2011.01.07 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2010.11.17 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2010.11.16 - USGCB Settings Spreadsheet updated. This version includes about 12 typographical corrections. There are no changes to the setting values.
2010.11.09 - USGCB/FDCC Comparison Spreadsheets for Windows and Internet Explorer updated.
2010.11.03 - USGCB GPOs, Patch Content, and VHDs updated for Windows 7.
USGCB Policy
- No changes were made to the USGCB Policy.
GPOs
- Removed all Alpha and Beta instances in XML results file.
SCAP Content
- OVAL - Corrected the registry value name for the "Do not process the run once list" (CCE-10154-3).
- XCCDF - Corrected the value mapping table for "Allow users to connect remotely using Remote Desktop Services" (CCE-9985-3).
VHDs
- Added VHD for Virtual PC
- Updated VHDs to include all October Updates
2010.10.27 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2010.10.20 - USGCB VHDs and GPOs posted for Internet Explorer 8, Windows 7, and Windows 7 Firewall. The settings in the VHDs and GPOs have not changed with respect to the final USGCB policy released in August.
2010.09.30 - USGCB Patch Content updated for Internet Explorer 8 and Windows 7.
2010.09.24 - USGCB Major Version 1.0.x.0 released for Windows 7, Windows 7 Firewall, and Internet Explorer 8. The previous USGCB beta settings has been approved by the Federal CIO Council's Architecture and Infrastructure Committee's (AIC) Technology Infrastructure Subcommittee (TIS) for release as the first USGCB Major Version; please note that USGCB settings have not changed since the previous beta release.

This release includes updated documentation for USGCB settings and known issues. Also included in this release is updated SCAP content for Windows 7, Windows 7 Firewall, and Internet Explorer 8. A new SCAP data stream has been added to the Windows 7 SCAP Content; this new stream captures settings specific to USGCB energy conservation policy.
2010.08.31 - Beta USGCB Settings released for Windows 7, Windows 7 Firewall, and Internet Explorer 8. The updates to these Beta settings were based on feedback collected from numerous federal agencies during a public comment period for the Alpha USGCB settings. NIST, at the request of the Federal CIO Council's Architecture and Infrastructure Committee's (AIC) Technology Infrastructure Subcommittee (TIS), evaluated this feedback and updated the USGCB settings where appropriate. A detailed change log describing all setting updates can be found in the USGCB Beta Settings Spreadsheet.

Also included in this release are the supporting material for implementing and verifying the Beta USGCB Settings on Windows 7, Windows 7 Firewall, and Internet Explorer 8. This includes updated SCAP Content, GPOs, and VHDs.
2010.08.20 - Alpha USGCB Content for August 2010 updated for Windows 7 and Internet Explorer 8.
2010.08.09 - Alpha USGCB Content for August 2010 released for Windows 7 and Internet Explorer 8.
2010.08.03 - Alpha USGCB Content for August 2010 released for Windows 7 and Windows 7 Firewall.
2010.07.28 - Registration is now open for the 6th Annual IT Security Automation Conference taking place in Baltimore Inner Harbor on September 27-29, 2010. Please visit http://scap.nist.gov/events/index.html for the draft agenda, conference announcement, and registration link. The 3-day event includes tutorials, tracks, workshops, and vendor expo.
2010.07.20 - Alpha USGCB Content for July 2010 released for Windows 7 and Internet Explorer 8.
2010.06.30 - USGCB/FDCC Comparison Spreadsheets for Windows and Internet Explorer posted.
2010.06.16 - Alpha USGCB Content for June 2010 released for Windows 7 and Internet Explorer 8.
2010.05.28 - Alpha USGCB Content for Windows 7 and Windows 7 Firewall updated to include setting documentation, SCAP content bug fixes, GPO bug fixes and VHD bug fixes. Please note that no USGCB setting values have changed, this update includes only bug fixes and improved documentation. Also included in this update are non-machine readable CCE to NIST SP 800-53 policy control mappings, which can be found in USGCB Alpha Settings spreadsheet. Please note that these non-machine readable mappings will be removed when the machine-readable mappings are distributed.
2010.04.23 - Alpha USGCB Settings, Content, VHDs, and FAQ released for Windows 7, Windows 7 Firewall, and Internet Explorer 8.
Legacy News