Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist



Murugiah P. Souppaya, Paul M. Johnson, Karen Kent


[Superseded by SP 800-68 Rev. 1 (October 2008):] NIST Special Publication 800-68 has been created to assist IT professionals, in particularly Windows XP system administrators and information security personnel, in effectively securing Windows XP systems. It discusses Windows XP and various application security settings in technical detail. The guide provides insight into the threats and security controls that are relevant for various operational environments, such as for a large enterprise or a home office. It describes the need to document, implement, and test security controls, as well as to monitor and maintain systems on an ongoing basis. It presents an overview of the security components offered by Windows XP and provides guidance on installing, backing up, and patching Windows XP systems. It discusses security policy configuration, provides an overview of the settings in the accompanying NIST security templates, and discusses how to apply additional security settings that are not included in the NIST security templates. It demonstrates securing popular office productivity applications, Web browsers, e-mail clients, personal firewalls, antivirus software, and spyware detection and removal utilities on Windows XP systems to provide protection against viruses, worms, Trojan horses, and other types of malicious code. This list is not intended to be a complete list of applications to install on Windows XP system, nor does it imply NIST's endorsement of particular commercial off-the-shelf (COTS) products.
Special Publication (NIST SP) - 800-68
Report Number


anti-virus, authentication, computer security, COTS, email, encryption, firewall, hardening, IPsec, lockdown, malware, Microsoft, operating system, security checklist, Security configuration, security controls, security policy, security templates, spyware, threats, web browser, Windows XP


Souppaya, M. , Johnson, P. and Kent, K. (2005), Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed June 13, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created October 20, 2005, Updated February 19, 2017