F D C C

NVD Banner

Vulnerabilities

Product Dictionary

SCAP Validated Tools

Vendor Comments

FDCC

Home

Disclaimer

Legacy FDCC News

Additional Memoranda

Contact

Federal Desktop Core Configuration
FDCC

- DOWNLOAD PAGE -

WARNING NOTICE

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows XP Professional SP2, Windows XP Professional SP3, and Windows Vista SP1 systems. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with OMB, DHS, DISA, NSA, USAF, and Microsoft to produce the Windows XP and Vista FDCC baseline. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.

Download Packages

2011.09.23

FDCC OVAL 5.3 & 5.4 patch content updated.

2011.08.18

FDCC OVAL 5.3 & 5.4 patch content updated.

2011.07.27

FDCC OVAL 5.3 & 5.4 patch content updated.

2011.07.06

FDCC OVAL 5.3 & 5.4 patch content updated.

2011.04.28

FDCC OVAL 5.3 & 5.4 patch content updated.

2011.03.18

FDCC OVAL 5.3 & 5.4 patch content updated.

2011.02.22

FDCC OVAL 5.3 & 5.4 patch content updated.

2011.01.20

FDCC OVAL 5.3 & 5.4 patch content updated.

2011.01.07

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.11.17

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.10.27

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.09.30

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.08.20

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.08.09

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.07.20

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.06.16

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.05.14

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.04.16

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.04.02

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.03.25

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.03.12

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.02.25

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.01.27

FDCC OVAL 5.3 & 5.4 patch content updated.

2010.01.05

2009 Q4 Windows XP VHD re-posted with corrected VHD disk size. No settings have changed in this release.

2009.12.17

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.11.20

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.11.03

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.10.19

2009 Q4 VHDs Released. No settings have changed in this release.

2009.09.16

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.08.21

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.08.06

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.07.21

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.06.30

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.04.17

FDCC OVAL 5.3 & 5.4 patch content updated.

2009.04.08

FDCC Major Version 1.2.x.0 SCAP Content released.

The FDCC settings have not changed. The update includes a number of corrections in the SCAP content. A detailed listing of the changes is available. This release also includes updated FDCC settings documentation, as well as the 2009 Q1 VHDs and GPOs.

2009.02.28

FDCC OVAL 5.3 & 5.4 patch content updated.

2008.12.03

FDCC OVAL 5.3 & 5.4 patch content updated.

2008.10.31

FDCC Major Version 1.1 SCAP Content released.

The FDCC settings have not changed. The update includes a number of corrections in the SCAP content, as well as full support for OVAL 5.3 & 5.4. A detailed listing of the changes is available.

2008.10.30

2008 Q4 VHDs Released. No settings have changed in this release. The FDCC VHDs expire after 90 days and must be re-released.

2008.06.20

The updated Federal Desktop Core Configuration settings released on 20 June 2008 constitute Major Version 1.0 of FDCC. Relative to the previous version of FDCC, 40 settings have changed. Changes were derived from public comment during the April and May 2008 public comment periods, analysis of the 31 March 2008 Agency FDCC reports, and subject matter expertise.

FDCC Major Version 1.0 is based on Microsoft Windows XP Service Pack (SP) 2 and Microsoft Windows Vista SP 1. Although SCAP content has been engineered so that it will also operate on Windows XP SP3, near-term Windows XP patch checking will be oriented toward Windows XP SP2.

To coincide with the release of FDCC Major Version 1.0, new SCAP Content has also been made available. This SCAP Content is inclusive of the 40 FDCC settings changes. At this time, FDCC is comprised of 674 settings, 670 of which (99.4%) can be checked using the updated SCAP Content and an SCAP-Validated Tool. A listing of non-automated settings is available for your reference. NIST is coordinating future refinement of SCAP Content and expects to release minor versions of SCAP Content in the future as non-automated checks are automated.

New Microsoft-updated Group Policy Objects (GPO) and Virtual Hard Drive (VHD) files are also available. These files have been tested by NIST and made available through this Web page. These GPOs and VHDs are inclusive of the 40 FDCC settings changes. At this time, 625 out of 674 settings (92.7%) are embodied in GPOs and can therefore be centrally implemented via Microsoft Active Directory servers. A listing of settings that cannot be implemented via GPO is available for your reference.

Moving forward, we anticipate relatively few and infrequent changes to FDCC settings. The change control process is being actively discussed and documented as of 20 June 2008. The change control process will balance a number of factors, including but not limited to IT Provider feedback and existing SCAP Validation Program processes. The Office of Management and Budget will release more information about this process in the upcoming weeks.

2007.08.20
Please read the Download FAQs to resolve issues with downloading, logging on, and activating Windows Vista.

Documentation

GPOs

SCAP Content

2009.04.08
FDCC Settings major
version 1.2 - Final [xls, 473K]

SHA-1 Digest:
1C4962660C0CEB4
CA530DFFE7A56C8
1463C78F50

SHA-256 Digest:
37FC8ECB0A95AB
31B56463A5D83E6
206DC4964D6A1FA0
E4AF710BBD246B
EB0F6

2008.06.20
FDCC 2009 Q1 GPO Release -Final [zip, ~2.5 MB]

SHA-1 Digest:
7DD0E04CEE71F1
6BBAA6366C358B
740C1041834C
SHA-256 Digest:
53664841150B753339A3
2B7C3A3A4EA4F7CB760D7
7023A6ECC0B147AE4B0
2F73

2011.09.23
Windows XP, Vista, firewall, and IE 7. - Final [zip, ~1151KB]

(individual file listings)
SHA-1 Digest:
1E40B52F021D1BF1E0
93765BA84ADCD0572B
1C0F
SHA-256 Digest:
7BEDDA34C83D3BA77F4
F189ECD23C961B404A0
E30B62B294AD207A593
8FDFFAF

The preceding files are intended for use with "SCAP FDCC scanning capable" tools.

2008.06.20
FDCC Settings Changes
major version 1.0 - [xls, 25K]

SHA-1 Digest:
1B2C6FD06D78F31AA08E
29DFED887BE4E56D80F8

SHA-256 Digest:
2B8D404730A192E2B55D
44DC86773CE1D7E4B5433
FA4508AC87438F6A3FE997D

VHD Files	SHA-1 Digest	SHA-256 Digest	Note
The FDCC Virtual Hard Drive (VHD) files are out of date and have been removed, they will not be updated in the future. The FDCC baselines have been superseded by the USGCB, please visit the USGCB downloads page for access to the current baseline settings, group policy objects, and other resources: http://usgcb.nist.gov/usgcb/microsoft_content.html

Updates History

Documentation	GPO Files	VHD Files	SCAP Content
			2011.09.23 OVAL 5.3 & 5.4 patch content updated
			2011.08.18 OVAL 5.3 & 5.4 patch content updated
			2011.07.27 OVAL 5.3 & 5.4 patch content updated
			2011.07.06 OVAL 5.3 & 5.4 patch content updated
			2011.04.28 OVAL 5.3 & 5.4 patch content updated
			2011.03.18 OVAL 5.3 & 5.4 patch content updated
			2011.02.22 OVAL 5.3 & 5.4 patch content updated
			2011.01.20 OVAL 5.3 & 5.4 patch content updated
			2011.01.07 OVAL 5.3 & 5.4 patch content updated
			2010.11.17 OVAL 5.3 & 5.4 patch content updated
			2010.10.27 OVAL 5.3 & 5.4 patch content updated
			2010.09.30 OVAL 5.3 & 5.4 patch content updated
			2010.08.20 OVAL 5.3 & 5.4 patch content updated
			2010.08.09 OVAL 5.3 & 5.4 patch content updated
			2010.07.20 OVAL 5.3 & 5.4 patch content updated
			2010.06.16 OVAL 5.3 & 5.4 patch content updated
			2010.05.14 OVAL 5.3 & 5.4 patch content updated
			2010.04.16 OVAL 5.3 & 5.4 patch content updated
			2010.04.02 OVAL 5.3 & 5.4 patch content updated
			2010.03.25 OVAL 5.3 & 5.4 patch content updated
			2010.03.12 OVAL 5.3 & 5.4 patch content updated
			2010.02.25 OVAL 5.3 & 5.4 patch content updated
			2010.01.27 OVAL 5.3 & 5.4 patch content updated
		2010.01.05 2009 Q4 XP VHD Re-posted
			2009.12.17 OVAL 5.3 & 5.4 patch content updated
			2009.11.20 OVAL 5.3 & 5.4 patch content updated
			2009.11.03 OVAL 5.3 & 5.4 patch content updated
		2009.10.19 2009 Q4 VHDs Released
			2009.09.16 OVAL 5.3 & 5.4 patch content updated
			2009.08.06 OVAL 5.3 & 5.4 patch content updated
			2009.07.21 OVAL 5.3 & 5.4 patch content updated
			2009.06.30 OVAL 5.3 & 5.4 patch content updated
			2009.04.17 OVAL 5.3 & 5.4 patch content updated
2009.04.08 FDCC Settings major version 1.2.x.0	2009.04.08 2009 Q1 GPOs Released	2009.04.08 2009 Q1 VHDs Released	2009.04.08 Release 1.2 - Final
			2009.04.02 OVAL 5.3 & 5.4 patch content updated
			2009.02.28 OVAL 5.3 & 5.4 patch content updated
			2008.12.03 OVAL 5.3 & 5.4 patch content updated
		2008.10.30 2008 Q4 VHDs Released	2008.10.31 Release 1.1 - Final
2008.06.20 FDCC Settings major version 1.0 FDCC Settings Changes major version 1.0	2008.06.20 2008 Q3 GPOs Released	2008.06.20 2008 Q3 VHDs Released	2008.06.20 Release 1.0 - Final

Please see the FDCC Archive for pre-final release content

Comments and Questions

Comments and questions may be addressed to fdcc@nist.gov.

Last updated: May, 02, 2012
Page created: July 22, 2007
Disclaimer Notice & Privacy Statement / Security Notice
Send comments or suggestions to itsec@nist.gov
NIST is an Agency of the U.S. Commerce Department's Technology Administration