Operating Systems

NSA has developed and makes online guides to making your O/s secure.  These guides are currently being used throughout the U.S.government and by numerous entities as a security baseline for their systems.





Apple Mac

Apple Mac OS X 10.5 ‘Leopard’

The recommendations in Apple’s Mac OS X Security Configuration For Version 10.5 Leopard Second Edition track closely with the security level historically represented in NSA guidelines. It is our belief that this guide establishes the best practices for securing the product and recommends that traditional customers of our security recommendations use the Apple guide when securing Mac OS X 10.5 systems.

Return to Top

Apple Mac OS X 10.4 ‘Tiger’

As part of a change in our development strategy for security guidance, NSA does not intend to publish separate security guides for the Macintosh OS X operating system beyond that produced by the vendor, beginning with Tiger, OS X version 10.4.x. The recommendations in Apple’s Mac OS X Security Configuration For Version 10.4 or Later and Mac OS X Server Security Configuration For Version 10.4 or Later track closely with the security level historically represented in the NSA guidelines. It is our belief that these guides establish the latest best practices for securing the products and recommend that traditional customers of our security recommendations use the Apple guides when securing Macintosh OS X 10.4.x and Macintosh OS X Server 10.4.x.

Return to Top

Apple Mac OS X 10.3 ‘Panther’

Apple Mac OS X 10.3 “Panther” Mac OS X 10.3 is no longer supported by Apple. It does not receive security updates and is NOT RECOMMENDED for use. The following guides are intended only for historical reference.

Return to Top


Linux

Red Hat Enterprise Linux 5

NSA has developed and distributed configuration guidance for Red Hat Enterprise Linux 5 that is currently being used throughout the government and by numerous entities as a security baseline for their Red Hat Enterprise Linux 5 systems.

Title Last Reviewed File Size Revised
Guide to the Secure Configuration of Red Hat Enterprise Linux 5 Mar 09 996KB 19 Nov 07
Hardening Tips for the Red Hat Enterprise Linux 5 Mar 09 239KB Nov 07

Return to Top


Microsoft Windows

Microsoft Windows Vista

As part of a change in our development strategy for security guidance, NSA does not intend to publish a separate guide for Windows Vista beyond what was produced as a cooperative effort between the vendor and the security community. The “Specialized Security – Limited Functionality” (SSLF) security settings in Microsoft’s Windows Vista Security Guide track closely with the security level historically represented in the NSA guidelines. It is our belief that this guide establishes the latest best practices for securing the product and recommend that traditional customers of our security recommendations use the Microsoft guide when securing Windows Vista. Windows Vista FAQs

Title Last Reviewed File Size Revised
Windows Vista Security Guide.msi Mar 09 1650KB 13 Nov 06

Return to Top

Microsoft Windows Server 2003

As part of a change in our development strategy for security guidance, NSA does not intend to publish a separate security guide for Windows Server 2003 beyond what was produced as a cooperative effort between the vendor and the security community. The Special Security – Limited Functionality (SSLF) settings in Microsoft’s Windows Server 2003 Security Guide track closely with the security level historically represented in the NSA guidelines. It is our belief that this guide establishes the latest best practices for securing the product and recommend that traditional customers of our security recommendations use the Microsoft guide when securing Windows Server 2003.

Title Last Reviewed File Size Revised
The Windows Server 2003 – Security Guide, v2.1 Mar 09 4526KB 26 Apr 06
The Windows Server 2003 – Security Guide – Read Me, v2.1 Mar 09 20KB 26 Apr 06
The Windows Server 2003 – Security Guide – Release Notes, v2.1 Mar 09 24KB 26 Apr 06
NSA Windows Server 2003 Security Guide Addendum Mar 09 49KB 12 Sep 06
The Windows Server 2003 – Security Guide – Tools and Templates, v2.1 (exe file) Mar 09 320KB 26 Apr 06

Return to Top

Microsoft Windows XP

As part of a change in our development strategy for security guidance, NSA is no longer maintaining and updating security guides for Windows XP Professional beyond what was produced as a cooperative effort between the vendor and the security community. The “Specialized Security – Limited Functionality” (SSLF) security settings in Microsoft’s Windows XP Security Guide track closely with the security level historically represented in the NSA guidelines. It is our belief that this guide establishes the latest best practices for securing the product and recommend that traditional customers of our security recommendations use the Microsoft guide when securing Windows XP.

Title Last Reviewed File Size Revised
NSA Windows XP Security Guide Addendum Mar 09 50 KB 12 Sep 06
Zipped Windows XP Security Configuration Guides** (zip file) Mar 09 980 KB 12 Sep 06

Return to Top

Microsoft Windows 2000

Windows 2000 is NOT RECOMMENDED for security-critical environments. It lacks important security features that are available in Windows XP and Vista. Microsoft currently provides security patches for Windows 2000, but the product is in its Extended Support Period, and this will end in June 2010. NSA recommends upgrading as soon as possible.
To assist our Windows 2000 user community, NSA has developed security configuration guidance for Windows 2000, with the cooperation of other government agencies and industry partners who provided their expertise and extensive technical review. The configuration guide for Microsoft Windows 2000 is being posted on the NSA web site and is presented in three parts: “.INF” files, configuration guides, and supporting documents..
NOTE: Follow these instructions to ensure that Microsoft Exchange will work with the Windows 2000 Security Configuration Guide.
A description of the files and how to modify the settings is available in the Guide to Securing Microsoft Windows 2000 Group Policy: Security Configuration Tool Set.

Title Last Reviewed File Size Revised
SCERegVl.INF Mar 09 13KB 5 Mar 03
W2kDC.INF Mar 09 32KB 5 Mar 03
W2K DOMAIN POLICY.INF Mar 09 4KB
W2k Server.INF Mar 09 32KB 5 Mar 03
W2k Workstation.INF Mar 09 31KB 5 Mar 03
ISA.INF Mar 09 1KB
Microsoft Windows 2000 Network Architecture Guide Mar 09 227KB
Guide to Securing Microsoft Windows 2000 Group Policy Mar 09 328KB
Guide to Securing Microsoft Windows 2000 Group Policy: Security Configuration Tool Set 1.2.2 Mar 09 755KB 12 Sep 06
Group Policy Reference Mar 09 769KB
Guide to Securing Microsoft Windows 2000 Active Directory Mar 09 611KB
Guide to Securing Microsoft Windows 2000 DNS Mar 09 372KB
Guide to Securing Microsoft Windows 2000 Encrypting File System Mar 09 218KB
Guide to Securing Microsoft Windows 2000 File and Disk Resources Mar 09 420KB
Guide to Securing Microsoft Windows 2000 Schema Mar 09 133KB
Guide to Securing Microsoft Windows NT/9x Clients in a Windows 2000 Network Mar 09 231KB
Guide to Secure Configuration and Administration of Microsoft ISA Server 2000 Mar 09 1,469KB
Guide to Secure Configuration and Administration of Microsoft Windows 2000 Certificate Services Mar 09 1,432KB
Guide to Secure Configuration and Administration of Microsoft Windows 2000 Certificate Services (Checklist Format) Mar 09 1,167KB
Guide to Secure Configuration and Administration of Microsoft Internet Information Services 5.0 version 1.4 Mar 09 2,731KB 16 JAN 04
Guide to Using DoD PKI Certificates in Outlook 2000, version 2.0 Mar 09 800KB
Guide to Windows 2000 Kerberos Settings Mar 09 369KB
Microsoft Windows 2000 Router Configuration Guide Mar 09 688KB
Guide to Securing Microsoft Windows 2000 DHCP Mar 09 337KB
Guide to Securing Microsoft Windows 2000 Terminal Services Mar 09 662KB
Microsoft Windows 2000 IPsec Guide Mar 09 1,330KB
Guide to Secure Configuration and Administration of Microsoft Exchange 2000 Mar 09 4,200KB 15 Dec 04
Zipped Windows 2000 Security Configuration Guides** (zip file) Mar 09 16,300KB 28 Oct 05

Return to Top


Sun Solaris

Sun Solaris 10

As part of a change in our development strategy for security guidance, NSA does not intend to publish its own security configuration guide for the Solaris 10 operating system. The recommendations in the documents below track closely with the security level historically represented in the NSA guidelines. It is our belief that these guides establish the latest best practices for securing the products and we recommend that traditional customers of our security recommendations use these guides when securing Solaris 10 systems.

Title Last Reviewed File Size Revised
CIS Solaris 10 Benchmark v4.0 * Mar 09 409KB 24 Sep 07
An Overview of Solaris 10 Operating System Security Controls * Mar 09 853KB 25 Sep 07

Return to Top


**To download and uncompress zipped files you need to have winzip loaded on your local machine.

Sun Solaris 9

NSA has developed and distributed configuration guidance for Sun Solaris 9 that is currently being used throughout the government and by numerous entities as a security baseline for their Sun Solaris systems.

Title Last Reviewed File Size Revised
Guide to Secure Configuration of Solaris 9 Mar 09 1,200KB