Hold off on that Windows 7 installation

No sense in installing Windows 7 before the final version of federal desktop security guidelines

Several federal agencies, including all of the military services, jumped at the opportunity to start testing Windows 7, but it will be a while before they can implement the new OS for real. Why? Because they have to wait for the Federal Desktop Core Configuration (FDCC) to be finalized.

The FDCC is a list of settings for various operating systems, all designed to optimize a computer’s security. The current version of the FDCC has 674 settings for Windows XP and Vista. The National Institute of Standards and Technology started work on a new version that contains Windows 7 settings back in June. However, despite the early start NIST still must post the proposed new version for public comment, and it probably won’t be finalized until spring 2010.

The Air Force started the FDCC, and the rest of the federal government quickly adopted it as a way to radically reduce setup and patching times, and to drastically cut down on help desk calls. And that it did, saving millions through bulk purchasing and decreased technical support time.

And that's why everyone in government is waiting to implement Windows 7. It would be a waste of effort to start installing it only to find out that you guessed wrong on some of the security settings. This could double your implementation time, effectively negating the benefits that could be reaped from following the FDCC guidelines. So in this case, waiting is the right thing.

Besides, this timeline jibes well with my standing policy. For my own personal computers, I always wait for the first service pack to be released before installing any new operating system. And since service packs tend to take from six months to a year to come out, waiting for both won’t cost any extra time.

About the Author

Greg Crowe is a former GCN staff writer who covered mobile technology.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Fri, Jun 11, 2010 DG NJ

This is how govt works. Always a decade behind. The reasons are primarily incompetence to do things quicker.

Tue, Nov 24, 2009 Ken Page Washington DC

I completely disagree with the author on both of his recommendations. There is absolutely no reason to wait for the Win7 FDCC to be approved, which is not expected until late spring or early summer. The DoD has already done significant research and has decided to adopt the current Vista FDCC settings plus about 70 additional settings. Agencies can press forward with their draft settings, which will be very close to the final configuration and any updates can be implemented very quickly and easily using Group Policy Objects. Wait until Service Pack 1 is released--that's about as "old school" as it gets. Move to Win7 as soon as possible.

Fri, Nov 20, 2009 Win7-ophile

I agree with you about waiting for FDCC before widespread implementation, but you totally lost me with the service pack comment at the end. As I see it, Windows 7 isn't really a full blown OS version release, but more of a Vista service pack. It's Vista done right.

Thu, Nov 19, 2009 Get_A_Clue DoD

I'm guessing the author still runs NT4 at home. The service pack arguement hasn't held true for many, many years. "For my own personal computers, I always wait for the first service pack to be released before installing any new operating system." In case you haven't heard Windows 7 is basically just an update to Vista anyways, waiting to begin piloting Win7 because NIST is painfully slow is a waste of time, they are going to follow most of what they already put out for Vista anyways and that can easily translate over to Win7. Plus, what IT organization doesn't use Group Policy to force FDCC compliance. Anything "new" can be quickly updated in GP and applied. Please stop trying to scare misinformed CIO's about delaying something that could have a huge benefit for their organization.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group