Agencies push ahead on security efforts

The National Institute of Standards and Technology has released updated security settings for agencies to adopt for Microsoft Windows XP and Vista operating systems under the Federal Desktop Core Configuration (FDCC).

NIST officials said they made the changes as a result of public comments they received in April and May and an analysis of agencies’ reports on their experiences implementing the existing settings.

Agencies must install the security settings when they upgrade to Microsoft XP or Vista, the Office of Management and Budget said in announcing the initiative last year. FDCC aims to provide a standard desktop view so agencies can make security improvements, such as installing virus patches, faster and more effectively, OMB said.

Currently, FDCC consists of 674 settings, but agencies can check 99 percent of them electronically using the Security Content Automation Protocol validation tool, NIST said in its June 20 announcement.

The CIO Council’s Architecture and Infrastructure Committee has created the FDCC Change Control Board to manage and address future changes to FDCC security settings, said Karen Evans, OMB’s administrator for e-government and information technology.

FDCC is one of several security initiatives for which agencies must complete milestones by the end of this month. The Trusted Internet Connections (TIC) initiative is another.

As part of that program, agencies reported to OMB that they have reduced the number of external Internet gateways from more than 4,300 in January to 2,758 in May, Evans said June 18. OMB has an ultimate target of only 100 secure Internet connections across the federal government.

With fewer connections to the Internet, agencies can better secure their networks, she said.

Vendors, including those on the Networx governmentwide telecommunications and network contract, can offer agencies TIC services, she added.

Agencies have a number of activities to complete to meet the deadline for the security initiatives, but there are tools that can help them, Evans said.

“The first best practice is cross-agency collaboration for sharing expertise, analyzing and validating requirements, and developing solutions,” she said.

Resources include:
• The Information Systems Security Line of Business tools.
• NIST's standards development process.
• The individual agency’s enterprise architecture, in particular the network infrastructure segment architecture.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.
