NIST aims to ease XP security setup

Officials at the National Institute of Standards and Technology hope their new publication will help simplify the process of setting security controls on Microsoft Corp.'s Windows XP Professional operating system.

NIST officials, who released the draft of Special Publication 800-68 this week, said the recommendations and security configuration checklists will help federal agencies fulfill their responsibilities for computer and information security under the Federal Information Security Management Act of 2002.

The document's authors acknowledge the difficulty of setting reasonable security controls on an operating system as complex as Windows XP Pro. A publication that guides systems administrators and technical users through the process should help other federal agencies avoid time-consuming and costly mistakes, NIST officials said.

They worked with the Defense Information Systems Agency, the National Security Agency, Microsoft and the nonprofit Center for Internet Security to reach a consensus on security settings for Windows XP and for productivity applications, e-mail, Web browsers, personal firewalls and antivirus programs that run on XP.

Next month, NIST officials will release a separate publication on the agency's new Security Configuration Checklists Program. Under that program, NIST will operate a Web portal that enables users to search for software products by name, product type and security level. Federal officials will be able to make purchasing decisions, for example, based on whether a security configuration checklist exists for a particular product.