Agencies push ahead on security efforts

The National Institute of Standards and Technology has released updated security settings for agencies to adopt for Microsoft Windows XP and Vista operating systems under the Federal Desktop Core Configuration (FDCC).

NIST officials said they made the changes as a result of public comments they received in April and May and an analysis of agencies’ reports on their experiences implementing the existing settings.

Agencies must install the security settings when they upgrade to Microsoft XP or Vista, the Office of Management and Budget said in announcing the initiative last year. FDCC aims to provide a standard desktop view so agencies can make security improvements, such as installing virus patches, faster and more effectively, OMB said.

Currently, FDCC consists of 674 settings, but agencies can check 99 percent of them electronically using the Security Content Automation Protocol validation tool, NIST said in its June 20 announcement.

The CIO Council’s Architecture and Infrastructure Committee has created the FDCC Change Control Board to manage and address future changes to FDCC security settings, said Karen Evans, OMB’s administrator for e-government and information technology.

FDCC is one of several security initiatives for which agencies must complete milestones by the end of this month. The Trusted Internet Connections (TIC) initiative is another.

As part of that program, agencies reported to OMB that they have reduced the number of external Internet gateways from more than 4,300 in January to 2,758 in May, Evans said June 18. OMB has an ultimate target of only 100 secure Internet connections across the federal government.

With fewer connections to the Internet, agencies can better secure their networks, she said.

Vendors, including those on the Networx governmentwide telecommunications and network contract, can offer agencies TIC services, she added.

Agencies have a number of activities to complete to meet the deadline for the security initiatives, but there are tools that can help them, Evans said.

“The first best practice is cross-agency collaboration for sharing expertise, analyzing and validating requirements, and developing solutions,” she said.

Resources include:
• The Information Systems Security Line of Business tools.
• NIST's standards development process.
• The individual agency’s enterprise architecture, in particular the network infrastructure segment architecture.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.
