OMB: Vista is an opportunity to set desktop standards

Policies at the Air Force, Army serve as a governmentwide model

The Office of Management and Budget’s decision to require agencies to move to a standard desktop configuration for Microsoft Windows is as much about timing as it is about evolution.

With Microsoft’s recent release of Vista, its new operating system, and the Air Force and Army implementing a baseline configuration for Windows XP, OMB officials are hoping the government will take a significant step toward improving
governmentwide cybersecurity. Some experts have called it the biggest opportunity ever for improving cybersecurity in the government.

“The recent release of the Vista operating system provides a unique opportunity for agencies to deploy secure configurations for the first time when an operating system is released,” said Clay Johnson, OMB’s deputy director for management, in a memo to department executives. “Therefore, it is critical for all federal agencies to put in place the proper governance structure with appropriate policies to ensure a very small number of secure configurations are allowed to be used.”

In a separate memo to agency chief information officers, Karen Evans, OMB’s administrator for e-government and information technology, established milestones for departments as they get ready to move to a standard desktop configuration.

OMB is expanding governmentwide the work of the Air Force, the Army, the National Institute of Standards and Technology, the National Security Agency and the Homeland Security Department, which have led the charge to develop a standard Windows configuration for the past three years. 

“Air Force’s process and procedures put a line in the sand on what was possible,” said Curt Kolcun, Microsoft federal division’s vice president.

John Gilligan, vice president and deputy director at SRA International’s defense sector, said OMB’s memos closely track the desktop standardization work he initiated when he was Air Force CIO.

“The biggest challenge was not in determining what the standard configuration was but in rolling it out and [enforcing] rigorous discipline,” Gilligan said.

Many CIOs and agency IT managers support OMB’s decision.

“I applaud OMB for putting out the guidance and setting the road map,” said Lisa Schlosser, the Department of Housing and Urban Development’s CIO. “This has been a long time coming, and it will be a great benefit to the government.”

And now that OMB has set the governmentwide effort in motion, Schlosser expects to see standard configurations for desktops running Unix, Apple or Linux operating systems.

Schlosser and other agency IT managers said the benefits from a standard configuration are significant. Experts pointed out that agencies will immediately profit from standardization because many security procedures become easier, including buying software that meets the standard, installing and testing patches, and keeping employees from using unapproved peer-to-peer networks.

“This will ease system administration,” said Air Force Lt. Gen. Charles Croom, director of the Defense Information Systems Agency. “I sent a note out [to managers] asking how this compares to what we are doing now.”

DISA, like several military services and agencies, already has a standard desktop configuration for XP. It receives a gold master copy from Microsoft that meets the baseline configurations, and administrators load the software on all machines.

Vernon Bettencourt, Army deputy CIO, said another big benefit of desktop standardization has been cost savings. He estimated that the Army spends about $78 million a year on Microsoft licenses through the Army’s Enterprise License Agreement, about 42 percent less than typical government prices.

Although CIOs and IT managers across the board praised OMB’s decision, some expressed concerns. One agency IT manager, who requested anonymity, wondered how a standard configuration would affect mission-critical systems and the disparate infrastructures in field offices.

Kolcun agreed that the scale of the government’s effort is groundbreaking.
“This is beyond where most commercial entities are with size and the distributed nature of the customer base,” he said.
Deadlines for using desktop standardsIn two memos to agency officials, the Office of Management and Budget set deadlines for agencies to develop and implement a standard desktop configuration for Windows.

By May 1, 2007:
Agencies must submit plans to OMB for deploying standard desktop configurations for Microsoft Windows XP and Vista. Submission should include plans for:
  • Testing configurations in a nonproduction environment to identify adverse effects on a system’s functionality.
  • Implementing and automating enforcement for these configurations.
  • Restricting administration of those configurations to authorized employees.
  • Applying patches for XP and Vista vulnerabilities.
  • Providing documentation of any deviations from these requirements and why they need to be different.
  • Making sure that these standards are part of the agency’s capital planning and investment control processes.
By June 30, 2007:
Agencies must ensure that new acquisitions support the standardized configurations and require vendors to certify their products can work under those standards.

By Feb. 1, 2008:
Agencies must implement the new standard desktop configuration for Windows XP and Vista.

The 2014 Federal 100

Get to know the 100 women and men honored this year for going above and beyond in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above