OMB directs use and proof of security settings

he Office of Management and Budget has published guidance to help agencies implement the first major version of the Federal Desktop Core Configuration (FDCC) when they update to the Microsoft Windows XP or Vista operating system.

The configuration applies to all desktop and laptop PCs but not to servers, said Karen Evans, OMB’s administrator for e-government and information technology, in a memo released Aug. 12.

“It is important for the collective security of the federal government for all the Windows XP and Windows Vista computers to meet or exceed FDCC, regardless of function,” Evans said.

FDCC provides a standard configuration to improve IT security, and OMB officials have said it should make updates, such as installing virus patches, faster and more effective.

In June, agencies submitted detailed technical plans to OMB about their implementation of FDCC security settings. In July, OMB directed agencies to include a description of the FDCC elements they have implemented in their Federal Information Security Management Act (FISMA) annual reports.

The National Institute of Standards and Technology, which released the first major FDCC version in June, provides descriptions of the correct settings and a checklist for applying them. To assist agencies, NIST also offers Security Content Automation Protocol content, which, along with other SCAP tools that have FDCC scanning capability, can validate the security settings on Windows operating systems, Evans said.

“Agencies must also use these tools when monitoring use of these configurations as part of FISMA continuous monitoring,” Evans said.

Federal and industry IT providers must use SCAP software to prove that their products adhere to FDCC settings, she said. In February, procurement regulators added FDCC to federal acquisition rules. Agency chief information officers must choose vendors that have made assertions regarding their products’ support for FDCC, Evans said.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.