Security and Maintenance (formerly known as Action Center, and Security Center in earlier versions) is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring criteria includes optimal operation of antivirus software, personal firewall, as well as the working status of Backup and Restore, Network Access Protection (NAP), User Account Control (UAC), Windows Error Reporting (WER), and Windows Update. It notifies the user of any problem with the monitored criteria, such as when an antivirus program is not up-to-date or is offline.

Security and Maintenance consists of three major components: A control panel applet, a Windows service and an application programming interface (API) provided by Windows Management Instrumentation (WMI).

The control panel applet divides the monitored criteria into categories and color-codes them. Yellow indicates a non-critical warning, e.g. some settings are not being monitored or are not optimal. Red indicates a critical message, e.g. anti-virus program is offline.

A service, named "Security Center", determines the current state of the settings. The service, by default, starts when the computer starts; it continually monitors the system for changes, and notifies the user if it detects a problem. In versions of Windows prior to Windows 10, it adds a notification icon into the Windows Taskbar.

A WMI provider makes the settings available to the system. Third-party anti-virus, anti-spyware and personal firewall software vendors primarily register with Security and Maintenance through the WMI provider. Windows Vista added a new set of APIs that let programs retrieve the aggregate health status within Security and Maintenance, and to receive notifications when the health status changes. These APIs allow programs to confirm that the system is in a healthy state before engaging in certain actions. For example, a computer game can ensure that a firewall is running before connecting to an online game.

Security and Maintenance is in charge of the following:

Microsoft learned from discussions with customers that there was confusion as to whether users were taking appropriate steps to protect their systems, or if the steps they were taking were effective. From this research, Microsoft made the decision to include a visible control panel with Windows XP Service Pack 2 that would provide a consolidated view of the most important security features. Service Pack 2, released in August 2004, includes the first version of Windows Security Center (WSC). This version monitors Windows Update, Windows Firewall, and the availability of an anti-virus program. Third-party providers of personal firewall and anti-virus software packages were encouraged to use WSC API to register their products with WSC.

On August 25, 2004, PC Magazine published an article in their Security Watch newsletter titled "Windows XP SP2 Security Center Spoofing Threat" which outlined a design vulnerability which could allow malware to manipulate Security Center into displaying a false security status regardless of the true security status. To do so, the malware requires administrative privileges. Microsoft countered their claim by asserting that if a piece of malware gains administrative privileges, it need not spoof anything, as it can commit much nastier malicious actions.