What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close


    OMB directs use and proof of security settings

    Related Links

    Guidance on the Federal Desktop Core Configuration

    Agencies push ahead on security effort

    he Office of Management and Budget has published guidance to help agencies implement the first major version of the Federal Desktop Core Configuration (FDCC) when they update to the Microsoft Windows XP or Vista operating system.

    The configuration applies to all desktop and laptop PCs but not to servers, said Karen Evans, OMB’s administrator for e-government and information technology, in a memo released Aug. 12.

    “It is important for the collective security of the federal government for all the Windows XP and Windows Vista computers to meet or exceed FDCC, regardless of function,” Evans said.

    FDCC provides a standard configuration to improve IT security, and OMB officials have said it should make updates, such as installing virus patches, faster and more effective.

    In June, agencies submitted detailed technical plans to OMB about their implementation of FDCC security settings. In July, OMB directed agencies to include a description of the FDCC elements they have implemented in their Federal Information Security Management Act (FISMA) annual reports.

    The National Institute of Standards and Technology, which released the first major FDCC version in June, provides descriptions of the correct settings and a checklist for applying them. To assist agencies, NIST also offers Security Content Automation Protocol content, which, along with other SCAP tools that have FDCC scanning capability, can validate the security settings on Windows operating systems, Evans said.

    “Agencies must also use these tools when monitoring use of these configurations as part of FISMA continuous monitoring,” Evans said.

    Federal and industry IT providers must use SCAP software to prove that their products adhere to FDCC settings, she said. In February, procurement regulators added FDCC to federal acquisition rules. Agency chief information officers must choose vendors that have made assertions regarding their products’ support for FDCC, Evans said.

    About the Author

    Mary Mosquera is a reporter for Federal Computer Week.

    Reader comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Your Name:(optional)
    Your Email:(optional)
    Your Location:(optional)
    Comment:
    Please type the letters/numbers you see above

    eSeminar

    • Technology success through the stimulus Karen Jackson

      FCW will present Karen Jackson, deputy secretary of technology for the Commonwealth of Virginia, at 11 a.m. Wed, Dec. 9, in an eSeminar where she will discuss technology acquisition through the stimulus. Read more

    Federal Computer Week eNewsletters

    • Subscribe to Newsletters Subscribe

      Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.

    Highlights from the current issue