OMB to help agencies with standardized desktop configuration

The Office of Management and Budget will help federal acquisition officials more effectively articulate their requirements for a standard desktop configuration for Microsoft Windows to information technology providers, an OMB analyst said today.

Daniel Costello, OMB senior policy analyst, said the agency plans to issue a memo next week with recommended acquisition language to help agencies as they strive to adopt standard desktop configurations. Costello addressed agency officials at a breakfast meeting conducted by the Potomac Forum titled “A Secure Standard Desktop Configuration for Government: Meeting the OMB Mandate.”

OMB requires civilian agencies to move to a standardized desktop configuration for the Microsoft Windows XP and Vista operating systems by February 2008. The move should make it easier for agencies to manage their desktops and rapidly push patches to fix security vulnerabilities, experts say.

If agencies don’t move to a standardized configuration, migration to new operating systems is useless, Costello said.

“The operating system is the underlying DNA of computer systems,” he said. If organizations improve operating-system configuration, security can be improved at higher levels, he added.

Regarding the recommended acquisition language, Costello said, “You don’t have to use it.” However, the language is designed to “help agencies articulate to your IT providers what you need in your IT acquisitions” to achieve the goal of a secure, standardized desktop environment, he said.

The recommendations are a compilation of best practices created by OMB, the Defense Department and other entities, he said. Agencies can modify the language to meet their specific needs.

In addition, OMB will be working during the next few months to incorporate standard desktop configuration requirements into federal acquisition regulations, he said. The move should help give acquisition officials and program managers more consistent guidance on security issues, such as the incorporation of provisions of the Federal Information Security Management Act of 2002.

OMB is also working with DOD, Microsoft and the National Institute of Standards and Technology to establish a virtual machine in which vendors can test their products to verify that they comply with baseline configurations, he said. That process is taking a little longer because “we want to do it right,” he said.

Also at the forum, Wes Anderson, general manager at Microsoft Federal Services, said the company plans to conduct technical exchanges for agency officials to help them deploy standard desktop configurations. Microsoft Consulting Services is also offering the Standard Desktop Solution to help agencies jump-start their desktop initiatives.

Rutrell Yasin writes for Government Computer News, an 1105 Government Information Group publication.