Federal Agencies Miss Deadline on Security Configurations

Since most of us deal with the federal government in Northern Virginia (NoVA), we thought you might find this article interesting. It’s an older but interesting SecurityFocus.com article by Robert Lemos about how most government agencies are failing to meet the OMB-mandated Federal Desktop Core Configuration (FDCC). The FDCC mandates that all U.S. federal agencies lock down their general-use desktop computers using a recommended set of over 700 configuration settings that intend to better secure the system. Most agencies have complied with 95 percent to 98 percent of the required settings in the configuration. Agencies that have their typical users running as Local Administrator instead of the recommended User rights are the ones who have the most work to do. Bruce Schneier is quoted at the end as saying that the federal government’s focus on security should result in applications and operating systems that work better in more secure configurations. “By forcing companies to make better software with more reliability, we all benefit.” Echoing Mr. Schneier’s words, we think this will be a plus for security because it could cause vendors to start selling systems secure-by-default based on the government’s tremendous buying power. You can find the original article at SecurityFocus.com.

Leave a Reply

Your email address will not be published. Required fields are marked *