The time of reckoning has arrived for Federal agencies, and your organization might not be far behind. Earlier this year, the Information Security Automation Program (ISAP) - a collaborative of Federal and private entities including the Office of Management and Budget, NIST, Department of Homeland Security, National Security Administration, Air Force and Microsoft - released the core components of the Federal Desktop Core Configuration (FDCC).
The FDCC standardizes configuration settings for Microsoft Windows XP Professional SP-2, Microsoft Windows Vista Enterprise, and Internet Explorer 7.0. The idea behind FDCC is to make management easier and security more bulletproof for the many thousands of desktop and laptop platforms throughout the Federal government.
To implement the FDCC requirements, the ISAP developed the National Validation Database (NVD). The NVD is essentially a repository of configuration and security evaluation tools for Windows products. It provides resources to help agencies test, implement, and deploy the Microsoft Windows XP and Vista FDCC baseline. Most of the tools in the NVD are built on the Security Content Automation Protocol (SCAP). SCAP delivers an open and standardized mechanism for automated vulnerability management, measurement, and policy compliance evaluation. A detailed discussion of SCAP is available from NIST.
There are some problems with FDCC, notably addressed in an editorial by Wyatt Kash, the editor of Government Computer News. But the complexity and proliferation of computer systems in the Federal government will push the FDCC forward as a standard that will likely cross public/private sector boundaries, especially given Microsoft’s involvement with it. There’s little doubt that SCAP tools addressing operating systems other than Windows and software products other than operating systems will be coming soon.
Buckle up…
Monday, May 19, 2008