Federal Desktop Core Configuration

From Wikipedia, the free encyclopedia

The Federal Desktop Core Configuration was a list of security settings recommended by the National Institute of Standards and Technology for general-purpose microcomputers that are connected directly to the network of a United States government agency.

FDCC applied only to Windows XP and Vista desktop and laptop computers.

FDCC was replaced by the United States Government Configuration Baseline (USGCB), which also includes settings for Windows 7 and Red Hat Enterprise Linux 5.

History

On 20 March 2007, the Office of Management and Budget issued a memorandum instructing United States government agencies to develop plans for adopting the common security configurations for Microsoft Windows XP and Vista.[1][2] The United States Air Force common security configurations for Windows XP were proposed as an early model on which the standards could be developed.[2]

The FDCC baseline was developed (and is maintained) by the National Institute of Standards and Technology in collaboration with OMB, DHS, DOI, DISA, NSA, USAF, and Microsoft,[2] with input from public comment.[3] It applies to Windows XP Professional and Vista systems only: the security policies were not tested on Windows 9x/ME/NT/2000 or Windows Server 2003 and, according to NIST, will not work on them.[3]

Requirements

Organizations required to document FDCC compliance can do so by using SCAP tools.

Released on 20 June 2008, FDCC Major Version 1.0 specifies 674 settings.[3] For example, "all wireless interfaces should be disabled".[4] In recognition that not all recommended settings will be practical for every system, exceptions (such as "authorized enterprise wireless networks") can be made if they are documented in an FDCC deviation report.[2][4]

Major Version 1.1 (released 31 October 2008) has no new or changed settings, but expands SCAP reporting options.[3] As with all previous versions, the standard is applicable to general-purpose workstations and laptops for end users. Windows XP and Vista systems in use as servers are exempt from this standard. Also exempt are embedded computers and "special purpose" systems (defined as specialized scientific, medical, process control, and experimental systems), though NIST still recommends that FDCC security configuration be considered "where feasible and appropriate".[5]
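The compliance check and deviation report described in the two paragraphs above, as an added example that is not part of the article and not NIST's or any SCAP vendor's tooling. The only rule taken from the article is the wireless one; the other rule identifiers, the observed workstation snapshot and the approver are constructed placeholders, not FDCC setting names, and the XML emitted at the end is a deliberately simplified XCCDF-style TestResult, not a validated SCAP document.

```python
"""Constructed example: check observed settings against a small FDCC-style
baseline, apply a documented deviation report, and summarize compliance."""
from dataclasses import dataclass
from typing import Any, Dict, List, Optional
import xml.etree.ElementTree as ET

# Constructed baseline: rule id -> expected value. Booleans are exact
# requirements; integers are minimums. Only the first rule comes from the
# article ("all wireless interfaces should be disabled"); the rest are placeholders.
BASELINE: Dict[str, Any] = {
    "wireless-interfaces-disabled": True,
    "autorun-disabled": True,          # placeholder rule id
    "min-password-length": 12,         # placeholder rule id
    "guest-account-disabled": True,    # placeholder rule id
}


@dataclass
class Deviation:
    """One entry of a deviation report: an approved, documented exception."""
    rule_id: str
    justification: str
    approved_by: str


@dataclass
class RuleResult:
    rule_id: str
    expected: Any
    observed: Any
    result: str                            # "pass", "fail" or "unknown" (not collected)
    deviation: Optional[Deviation] = None  # set when a failing rule is covered by the report


def check_rule(expected: Any, observed: Any) -> str:
    """Compare one observed setting with its baseline value."""
    if observed is None:
        return "unknown"
    if isinstance(expected, bool):
        return "pass" if observed is expected else "fail"
    return "pass" if observed >= expected else "fail"


def evaluate(baseline: Dict[str, Any], observed: Dict[str, Any],
             deviations: List[Deviation]) -> List[RuleResult]:
    by_rule = {d.rule_id: d for d in deviations}
    results = []
    for rule_id, expected in baseline.items():
        value = observed.get(rule_id)
        status = check_rule(expected, value)
        # A deviation is only applied to a rule that actually fails; one filed
        # for a rule that now passes is stale paperwork and is ignored.
        dev = by_rule.get(rule_id) if status == "fail" else None
        results.append(RuleResult(rule_id, expected, value, status, dev))
    return results


def summarize(results: List[RuleResult]) -> Dict[str, Any]:
    """Failures covered by a documented deviation are counted separately and do
    not by themselves make the host non-compliant; an undocumented failure or an
    uncollected value does."""
    counts: Dict[str, Any] = {"pass": 0, "fail": 0, "deviation": 0, "unknown": 0}
    for r in results:
        if r.result == "fail" and r.deviation is not None:
            counts["deviation"] += 1
        else:
            counts[r.result] += 1
    counts["compliant"] = counts["fail"] == 0 and counts["unknown"] == 0
    return counts


def deviation_report(results: List[RuleResult]) -> List[Dict[str, str]]:
    """The documented exceptions that were actually applied on this host."""
    return [{"rule": r.rule_id, "observed": str(r.observed),
             "justification": r.deviation.justification,
             "approved_by": r.deviation.approved_by}
            for r in results if r.deviation is not None]


XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"


def to_xccdf_result(results: List[RuleResult], target: str) -> str:
    """Serialize results in a simplified XCCDF TestResult shape (assumption:
    real SCAP tools emit a far richer document; only rule-result is mirrored)."""
    ET.register_namespace("xccdf", XCCDF_NS)
    root = ET.Element(f"{{{XCCDF_NS}}}TestResult", id="example-testresult-1")
    ET.SubElement(root, f"{{{XCCDF_NS}}}target").text = target
    for r in results:
        rr = ET.SubElement(root, f"{{{XCCDF_NS}}}rule-result", idref=r.rule_id)
        ET.SubElement(rr, f"{{{XCCDF_NS}}}result").text = r.result
    return ET.tostring(root, encoding="unicode")


# Constructed snapshot of one workstation: wireless is enabled under an approved
# deviation, the password minimum is too short with no deviation on file.
OBSERVED: Dict[str, Any] = {
    "wireless-interfaces-disabled": False,
    "autorun-disabled": True,
    "min-password-length": 8,
    "guest-account-disabled": True,
}
DEVIATIONS = [Deviation("wireless-interfaces-disabled",
                        "authorized enterprise wireless network", "placeholder-approver")]

if __name__ == "__main__":
    res = evaluate(BASELINE, OBSERVED, DEVIATIONS)
    print(summarize(res))
    print(deviation_report(res))
    print(to_xccdf_result(res, "constructed-host"))
```

The point the example makes is that a deviation report is part of the compliance evidence, not a way around it: the wireless exception keeps the host from being scored non-compliant on that rule, while the undocumented password-length failure still does.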

References

  1. ^ "FDCC Additional NIST Frequently Asked Questions – How do I report compliance and deviations?". National Vulnerability Database. National Institute of Standards and Technology.
  2. ^ a b c d Evans, Karen S. (20 March 2007). Managing Security Risk By Using Common Security Configurations (DOC). Retrieved 2009-03-02.
  3. ^ a b c d "FDCC download page". National Vulnerability Database. National Institute of Standards and Technology.
  4. ^ a b "FDCC Additional NIST Frequently Asked Questions – Are there any conditions under which wireless is allowed?". National Vulnerability Database. National Institute of Standards and Technology.
  5. ^ "FDCC Additional NIST Frequently Asked Questions – Is FDCC applicable to special purpose (e.g., scientific, medical, process control, and experimental systems) computers?". National Vulnerability Database. National Institute of Standards and Technology.