WARNING NOTICE

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Windows XP Professional SP2, Windows XP Professional SP3, and Windows Vista SP1 systems. These settings may be applicable to other Windows systems and service packs; however, NIST has not tested other Windows based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Windows Based systems and applications.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with OMB, DHS, DISA, NSA, USAF, and Microsoft to produce the Windows XP and Vista FDCC baseline. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.

Download Packages

2009.08.06

FDCC OVAL 5.3 patch content updated.

2009.07.21

FDCC OVAL 5.3 patch content updated.

2009.06.30

FDCC OVAL 5.3 patch content updated.

2009.04.17

FDCC OVAL 5.3 patch content updated.

2009.04.08

FDCC Major Version 1.2.x.0 SCAP Content released.

The FDCC settings have not changed. The update includes a number of corrections in the SCAP content. A detailed listing of the changes is available. This release also includes updated FDCC settings documentation, as well as the 2009 Q1 VHDs and GPOs.

2009.02.28

FDCC OVAL 5.3 patch content updated.

2008.12.03

FDCC OVAL 5.3 patch content updated.

2008.10.31

FDCC Major Version 1.1 SCAP Content released.

The FDCC settings have not changed. The update includes a number of corrections in the SCAP content, as well as full support for OVAL 5.3 and 5.4. A detailed listing of the changes is available.

2008.10.30

2008 Q4 VHDs Released. No settings have changed in this release. The FDCC VHDs expire after 90 days and must be re-released.

2008.06.20

The updated Federal Desktop Core Configuration settings released on 20 June 2008 constitute Major Version 1.0 of FDCC. Relative to the previous version of FDCC, 40 settings have changed. Changes were derived from public comment during the April and May 2008 public comment periods, analysis of the 31 March 2008 Agency FDCC reports, and subject matter expertise.

FDCC Major Version 1.0 is based on Microsoft Windows XP Service Pack (SP) 2 and Microsoft Windows Vista SP 1. Although SCAP content has been engineered so that it will also operate on Windows XP SP3, near-term Windows XP patch checking will be oriented toward Windows XP SP2.

To coincide with the release of FDCC Major Version 1.0, new SCAP Content has also been made available. This SCAP Content is inclusive of the 40 FDCC settings changes. At this time, FDCC is comprised of 674 settings, 670 of which (99.4%) can be checked using the updated SCAP Content and an SCAP-Validated Tool. A listing of non-automated settings is available for your reference. NIST is coordinating future refinement of SCAP Content and expects to release minor versions of SCAP Content in the future as non-automated checks are automated.

New Microsoft-updated Group Policy Objects (GPO) and Virtual Hard Drive (VHD) files are also available. These files have been tested by NIST and made available through this Web page. These GPOs and VHDs are inclusive of the 40 FDCC settings changes. At this time, 625 out of 674 settings (92.7%) are embodied in GPOs and can therefore be centrally implemented via Microsoft Active Directory servers. A listing of settings that cannot be implemented via GPO is available for your reference.

Moving forward, we anticipate relatively few and infrequent changes to FDCC settings. The change control process is being actively discussed and documented as of 20 June 2008. The change control process will balance a number of factors, including but not limited to IT Provider feedback and existing SCAP Validation Program processes. The Office of Management and Budget will release more information about this process in the upcoming weeks.

2007.08.20
Please read the Download FAQs to resolve issues with downloading, logging on, and activating Windows Vista.

Updates History

Please see the FDCC Archive for pre-final release content

Comments and Questions

Comments and questions may be addressed to fdcc@nist.gov.