Agencies push ahead on security efforts

The National Institute of Standards and Technology has released updated security settings for agencies to adopt for Microsoft Windows XP and Vista operating systems under the Federal Desktop Core Configuration (FDCC).

NIST officials said they made the changes as a result of public comments they received in April and May and an analysis of agencies’ reports on their experiences implementing the existing settings.

Agencies must install the security settings when they upgrade to Microsoft XP or Vista, the Office of Management and Budget said in announcing the initiative last year. FDCC aims to provide a standard desktop view so agencies can make security improvements, such as installing virus patches, faster and more effectively, OMB said.

Currently, FDCC consists of 674 settings, but agencies can check 99 percent of them electronically using the Security Content Automation Protocol validation tool, NIST said in its June 20 announcement.

The CIO Council’s Architecture and Infrastructure Committee has created the FDCC Change Control Board to manage and address future changes to FDCC security settings, said Karen Evans, OMB’s administrator for e-government and information technology.

FDCC is one of several security initiatives for which agencies must complete milestones by the end of this month. The Trusted Internet Connections (TIC) initiative is another.

As part of that program, agencies reported to OMB that they have reduced the number of external Internet gateways from more than 4,300 in January to 2,758 in May, Evans said June 18. OMB has an ultimate target of only 100 secure Internet connections across the federal government.

With fewer connections to the Internet, agencies can better secure their networks, she said.

Vendors, including those on the Networx governmentwide telecommunications and network contract, can offer agencies TIC services, she added.

Agencies have a number of activities to complete to meet the deadline for the security initiatives, but there are tools that can help them, Evans said.

“The first best practice is cross-agency collaboration for sharing expertise, analyzing and validating requirements, and developing solutions,” she said.

Resources include:
• The Information Systems Security Line of Business tools.
• NIST's standards development process.
• The individual agency’s enterprise architecture, in particular the network infrastructure segment architecture.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.
