Wyatt Kash | Fed tools aid security

Editor's Desk | commentary: The security benefits of standard PC configurations make the effort worthwhile.

As agency information technology staffs know all too well, the day of reckoning has arrived for getting hundreds of thousands of desktop PCs to meet new Federal Desktop Core Configuration (FDCC) requirements.

From 50,000 feet, it makes tremendous sense to standardize the operating settings for Microsoft Windows XP, Vista and Internet Explorer on government-owned desktop PCs as a way to reduce security vulnerabilities.

The National Institute of Standards and Technology, the Air Force and other agencies, along with Microsoft, deserve credit for developing it.

FDCC, in fact, represents a bold move by the government. Given the vast numbers of desktop PCs the government buys and maintains, FDCC has the potential to establish a new benchmark in desktop security practices in the government. Moreover, it also could, and we hope will, help a much larger universe of IT administrators in the commercial world who face the same security challenges.

The view of FDCC from the ground, however, is more complicated.

If the challenges agencies faced meeting the Feb. 1 federal reporting deadline are any indication, complying with FDCC requirements can create as many problems as it solves.

That was clearly evident at an FDCC workshop hosted by NIST late last month (GCN.com/959).

One challenge is that 16 of the more than 100 checks needed to meet FDCC compliance must be done by hand. However, such obstacles should not deter efforts to move forward with FDCC (see some solutions, Page 23).

A new set of security configuration scanning tools approved this month by NIST should help IT administrators.

The tools use the Security Content Automation Protocol, a framework for automating and standardizing vulnerability management measurement and policy compliance.

SCAP scanning tools can check computers and generate reports for compliance not only with FDCC but also with other mandates, such as the Federal Information Security Management Act. (See more at GCN.com/966.)

We may always live in an unruly world where ever-evolving software and ever-adapting security threats constantly collide. But NIST-standardized templates for operating systems and automated tools for checking security settings are worthy weapons in the quest for cybersecurity.
