FDCC too Microsoft-centric, industry groups charge

Two industry trade groups have independently expressed concerns over the various aspects of the Federal Desktop Core Configuration (FDCC), the preset secure configuration that the Office of Management and Budget is requiring agencies to adhere to when upgrading their computers to Microsoft Windows XP or Vista.

Although both Software and Information Industry Association and the Information Technology Association of America agree that FDCC will improve security for federal agencies, they both have voiced concerns how the FDCC could be interpreted to favor the use of Microsoft products over their competitors, among other issues.

Each association has sent a letter to Karen Evans, OMB's administrator for e-government and information technology, that outlined the concerns.

"Under the current certification plan, software firms that provide software that competes with Windows XP or Vista ' or competes with Microsoft applications that are bundled with Windows XP or Vista ' are put at a competitive disadvantage," wrote Ken Wasch, president of SIIA.

The letter also expressed concerns about the use of the Windows installer.

In its own letter, the Information Technology Association of America has requested a meeting with Evans. Its concerns revolved mostly around misperceptions in the IT community that have arisen since the mandate, which OMB issued last March.

One concern is the rumor that the FDCC bars operating systems other than Microsoft Windows. The other is that the FDCC prohibits the use of Java.

Neither are true, though the ITAA is calling on OMB to issue additional guidance clarifying these points, according to a spokesperson for the organization. .

In an interview with GCN, Bill Vass, president of Sun's federal subsidiary, noted that'contrary to a growing belief in the systems administration community'the FDCC does not prohibit the use of the Java Runtime Engine.

The JRE can be installed on the computer during its initial configuration and remain inert. But the way the FDCC is set up, the user must click on box each time he or she wants to run an applet.

The JRE is a small program that is loaded onto a desktop that allows the user to run Web applets, which can offer additional features that can not be executed through the standard Hypertext Markup Language. It is similar to Adobe Flash and Microsoft's own ActiveX controls.

Vass noted that many agencies use the applets in their business applications.

In terms of other operating systems, the National Security Agency is working on a set of security baselines for operating systems other than Microsoft Windows, including Apple OS X Leopard, Red Hat Enterprise Linux and Sun Solaris.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.