By Mary Mosquera
September 24, 2008
The Office of Management and Budget plans to verify the data that
agencies submitted about their progress in implementing the Federal
Desktop Core Configuration (FDCC) by using a statistical sampling
approach that assesses policy compliance.
OMB anticipates that it will validate the agency data in November or
December using the Policy Utilization Assessment (PUA) program, Karen
Evans, OMB's administrator for e-government and information technology,
said today at a security conference sponsored by the National Institute
of Standards and Technology.
The FDCC is a standard security configuration that agencies must
implement when they update their computers to the Microsoft Windows XP
or Vista operating system. OMB has said a standard configuration should
improve IT security because it requires a standard desktop view and
should make updates, such as installing virus patches, faster and more
In June, agencies submitted detailed technical plans to OMB about their
implementation of FDCC security settings. In August, Evans issued
guidance on implementing the first version of the FDCC.
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!