Mandate for federal desktop security set to kick in

The federal government’s desktop security mandate kicks in this week, requiring government agencies to support standard secure configurations for Windows XP and Vista operating systems.

Known as the Federal Desktop Core Configuration standard, the FDCC will require agencies to apply and maintain standard security settings on all desktops and laptops. The idea is to return control of key systems to administrators, limiting users’ ability to change their desktop configurations while keeping the system more secure.

Agencies have to have a plan in place by Feb. 1, and desktops have to be configured to meet the standard by the end of February. Established by the U.S. Office of Management and Budget, the FDCC guidelines also require federal agencies to assess, monitor and report regularly about these endpoint configurations.

In conjunction with this requirement, the National Institute of Standards and Technology (NIST) has developed the Security Content Automated Protocol (SCAP), which vendors can use in their vulnerability-assessment and reporting products.

Vendors are moving to support SCAP, with Lumension Security Tuesday announcing it has upgraded its Security Configuration Management Suite to support it.

“The SCAP standard is for reporting on desktop status as it relates to the Federal Desktop Core Configuration (FDCC),” says Matt Mosher, senior vice president of sales for the Americas at Lumension, the company formed by PatchLink and SecureWave.

Lumension has created a software add-on for its SCM PatchLink Update Server and Scan Module to support the SCAP automated compliance-checking for FDCC. The add-on is expected to cost about US$5 per node. Other vendors also are ramping up for FDCC, with BigFix expected to announce an update for its Security Configuration Module Wednesday.

Related content:

Another data breach at Veterans Affairs

U.K. politicians want to criminalize data leaks

Passport Online breach adds to privacy chief’s audit list

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now