OMB directs use and proof of security settings

he Office of Management and Budget has published guidance to help agencies implement the first major version of the Federal Desktop Core Configuration (FDCC) when they update to the Microsoft Windows XP or Vista operating system.

The configuration applies to all desktop and laptop PCs but not to servers, said Karen Evans, OMB’s administrator for e-government and information technology, in a memo released Aug. 12.

“It is important for the collective security of the federal government for all the Windows XP and Windows Vista computers to meet or exceed FDCC, regardless of function,” Evans said.

FDCC provides a standard configuration to improve IT security, and OMB officials have said it should make updates, such as installing virus patches, faster and more effective.

In June, agencies submitted detailed technical plans to OMB about their implementation of FDCC security settings. In July, OMB directed agencies to include a description of the FDCC elements they have implemented in their Federal Information Security Management Act (FISMA) annual reports.

The National Institute of Standards and Technology, which released the first major FDCC version in June, provides descriptions of the correct settings and a checklist for applying them. To assist agencies, NIST also offers Security Content Automation Protocol content, which, along with other SCAP tools that have FDCC scanning capability, can validate the security settings on Windows operating systems, Evans said.

“Agencies must also use these tools when monitoring use of these configurations as part of FISMA continuous monitoring,” Evans said.

Federal and industry IT providers must use SCAP software to prove that their products adhere to FDCC settings, she said. In February, procurement regulators added FDCC to federal acquisition rules. Agency chief information officers must choose vendors that have made assertions regarding their products’ support for FDCC, Evans said.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.