WARNING NOTICE

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations should be applied only to Windows XP Professional SP2 and Vista systems and will not work on Windows 9X/ME, Windows NT, Windows 2000 or Windows Server 2003. The security policies have been tested on Windows XP Professional SP2 and Vista systems with a Windows 2003 server and will not work on Windows 9X/ME, Windows NT, Windows 2000 or Windows Server 2003.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with OMB, DHS, DISA, NSA, USAF, and Microsoft to produce the Windows XP and Vista FDCC baseline. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.

Download Packages

2008.06.20

The updated Federal Desktop Core Configuration settings released on 20 June 2008 constitute Major Version 1.0 of FDCC. Relative to the previous version of FDCC, 40 settings have changed. Changes were derived from public comment during the April and May 2008 public comment periods, analysis of the 31 March 2008 Agency FDCC reports, and subject matter expertise.

FDCC Major Version 1.0 is based on Microsoft Windows XP Service Pack (SP) 2 and Microsoft Windows Vista SP 1. Although SCAP content has been engineered so that it will also operate on Windows XP SP3, near-term Windows XP patch checking will be oriented toward Windows XP SP2.

To coincide with the release of FDCC Major Version 1.0, new SCAP Content has also been made available. This SCAP Content is inclusive of the 40 FDCC settings changes. At this time, FDCC is comprised of 674 settings, 670 of which (99.4%) can be checked using the updated SCAP Content and an SCAP-Validated Tool. A listing of non-automated settings is available for your reference. NIST is coordinating future refinement of SCAP Content and expects to release minor versions of SCAP Content in the future as non-automated checks are automated.

New Microsoft-updated Group Policy Objects (GPO) and Virtual Hard Drive (VHD) files are also available. These files have been tested by NIST and made available through this Web page. These GPOs and VHDs are inclusive of the 40 FDCC settings changes. At this time, 625 out of 674 settings (92.7%) are embodied in GPOs and can therefore be centrally implemented via Microsoft Active Directory servers. A listing of settings that cannot be implemented via GPO is available for your reference.

Moving forward, we anticipate relatively few and infrequent changes to FDCC settings. The change control process is being actively discussed and documented as of 20 June 2008. The change control process will balance a number of factors, including but not limited to IT Provider feedback and existing SCAP Validation Program processes. The Office of Management and Budget will release more information about this process in the upcoming weeks.

2007.08.20
Please read the Download FAQs to resolve issues with downloading, logging on, and activating Windows Vista.

Updates History

Please see the FDCC Archive for pre-final release content

Comments and Questions

Comments and questions may be addressed to fdcc@nist.gov.