NIST aims to ease XP security setup

Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist

Officials at the National Institute of Standards and Technology hope their new publication will help simplify the process of setting security controls on Microsoft Corp.'s Windows XP Professional operating system.

NIST officials, who released the draft of Special Publication 800-68 this week, said the recommendations and security configuration checklists will help federal agencies fulfill their responsibilities for computer and information security under the Federal Information Security Management Act of 2002.

The document's authors acknowledge the difficulty of setting reasonable security controls on an operating system as complex as Windows XP Pro. A publication that guides systems administrators and technical users through the process should help other federal agencies avoid time-consuming and costly mistakes, NIST officials said.

They worked with the Defense Information Systems Agency, the National Security Agency, Microsoft and the nonprofit Center for Internet Security to reach a consensus on security settings for Windows XP and for productivity applications, e-mail, Web browsers, personal firewalls and antivirus programs that run on XP.

Next month, NIST officials will release a separate publication on the agency's new Security Configuration Checklists Program. Under that program, NIST will operate a Web portal that enables users to search for software products by name, product type and security level. Federal officials will be able to make purchasing decisions, for example, based on whether a security configuration checklist exists for a particular product.

Software makers, businesses and government agencies are beginning to reach consensus on security controls that can be tolerated without breaking the programs that run on computers, said Clint Kreitner, president and chief executive officer of the Center for Internet Security. The center develops security configurations through a process based on consensus and testing.

On the basis of those consensus configurations, Kreitner said, companies such as Dell Inc. have begun shipping computers with a secure configuration of Windows 2000. In a few months, Dell will sell computers with a similar security configuration for Windows XP.

Microsoft also has shipped its Windows Server 2003 software with recommended security settings in place, Kreitner said. And the company is working with the configuration standards group to do the same with Exchange 2003, Microsoft's suite of collaboration software.
