It was the end of March that all federal agencies were supposed to meet the Federal Desktop Core Configuration (FDCC) policy for all Microsoft Windows XP and Vista systems by using the Security Content Automation Protocol, otherwise known as SCAP (pronounced S-cap).
Each agency is required to submit their FDCC reports to the National Institute of Standards and Technology (NIST). The FDCC policy came about using an interesting collaboration of numerous agencies working with Microsoft, including NIST, the Department of Homeland Security, the Defense Information Systems Agency, the National Security Agency, and the US Air Force.
While the title of the policy would lead you to believe it is primarily focused on the respective Microsoft operating systems, the policy actually extends to cover assorted components such as firewalls, antivirus, web browsers, and more. In an article appearing in the May 23rd issue of Processor, Ron Gula, chief executive officer and chief technical officer for Tenable Security speaks well of SCAP in comparison to the Payment Card Industry Data Security Standard (PCI-DSS) when he says, "SCAP has very specific settings that are applied to specific operating systems. It's taking the ambiguity out of system configurations."
According to the article, written by Sandra Kay Miller, here are some specifics on SCAP:
"SCAP is a suite of open standards that function together to deliver automated vulnerability management, measurement, and policy compliance evaluation. The XCCDF (eXtensible Configuration Checklist Description Format) and OVAL (Open Vulnerability Assessment Language) are assessment protocols. The reference protocols include the CCE (Common Configuration Enumeration), CPE (Common Platform Enumeration), CVSS (Common Vulnerability Scoring System), and CVE (Common Vulnerabilities and Exposures).
SCAP will allow security technologies to exchange systems and vulnerability information through a common format, thus allowing individual agencies the flexibility to use configuration management and security solutions that best meet their needs and budgets."
While the FDCC was established for government agencies to establish desktop configuration standards, the SCAP standards offer a lot of value to nongovernment organizations too. According to Gula,“You’ll see organizations like credit unions and healthcare agencies—those who work with the government—implementing FDCC." It is likely that many government organizations will make this a prerequisite for doing future business with their agency, especially if any electronic data is required to be shared between the two parties as part of doing business.
The configuration audit and compliance reporting capabilities of Ecora Auditor Pro can aid both government agencies and non-government organizations in assessing current desktop configurations and identify variances from the SCAP standards. To learn more about the Federal Desktop Core Configuration policy and how to audit your desktop configurations against SCAP standards, you can view this web recording on Standardizing Windows Desktop Configurations.
Contributed by Mark Tordoff
Very good blog! Thanks!
Posted by: Generisches kamagra | January 24, 2010 at 03:35 AM
Very good blog! Thanks!
Posted by: Generisches Viagra | January 23, 2010 at 04:26 AM
HI buddy very interesting information about Basics on the Federal Desktop Core Configuration standards thanks for sharing!!
Posted by: Buy Viagra | January 06, 2010 at 07:55 AM
hey friend excellent blog about Basics on the Federal Desktop Core Configuration standards thanks for sharing I really enjoyed reading!!1
Posted by: Viagra Online | December 10, 2009 at 08:56 AM
Thanks for posting this valuable information.
http://healthnova.org
Posted by: karambo | October 06, 2009 at 02:50 AM
nice post
Posted by: eryop | April 20, 2009 at 04:21 AM
I think, if you haven't any spyware you can suffer from virus programs. Now I use http://file.sh/nod32+torrent.html
Posted by: eryop | April 20, 2009 at 04:20 AM
ronscap
Posted by: | October 18, 2008 at 05:23 AM