McAfee offers FDCC template

Agencies using the McAfee compliance reporting software now have a new template to assess how well their desktop computers meet the Federal Desktop Core Configuration.

Last week, the company sent out an FDCC template as part of its regular updates for the Foundstone compliance reporting tool, said John Bordwine, senior director for security at McAfee.

Foundstone scans computers and network devices on a network and returns a report on how they are configured. The new FDCC template matches how well desktop and laptop PCs adhere to the FDCC. Administrators simply need to check their consoles for the template and, when they want to run an FDCC check, apply that template to a network-wide assessment, Bordwine said.

Last year, the Office of Management and Budget ordered that agencies upgrading their desktop computers, and those running Microsoft Windows XP or Windows Vista, must conform to the FDCC. Authored by the National Institute of Standards and Technology, FDCC ensures that basic security precautions are taken, such as turning off unused services and running user applications in user, rather than system administrator, mode.

Bordwine said that compiling an assessment of the current state of desktop computers is the first task agencies must undertake to meet OMB's goals for FDCC.

In related FDCC news, NIST has updated its FDCC Frequently Asked Questions, clarifying matters on wireless networking settings, account policy and OMB reporting requirements, according to the Microsoft FDCC blog.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected