Achieving Federal Desktop Core Configuration Compliance with Lumension Solutions
sponsored by Lumension

The Federal Desktop Core Configuration (FDCC) is an Office of Management and Budget (OMB) mandated security configuration set applicable within United States Federal Government agencies. Private enterprises may also choose to utilize this established framework as a foundation for their own security configuration baselines. These FDCC guidelines were developed at the United States National Institute of Standards and Technology (NIST), based on collaborative work with the Department of Homeland Security (DHS), Defense Information Security Agency (DISA), National Security Agency (NSA), United States Air Force (USAF) and Microsoft.

The FDCC XML checklists detail security concerns identified by Common Vulnerability Enumeration (CVE), which may be resolved by patching, and those specified by Common Configuration Enumeration (CCE), which may be resolved by configuration setting. The FDCC specific configuration requirements are generally based on the "Principle of Least Privilege" restricting user and machine rights. In addition to the operating system coverage, the FDCC configuration standards extend to Windows Internet Explorer, Windows Firewall and Windows Defender. These specific applications, however, are not explicitly required. If these applications are not utilized, the guidance is that the FDCC settings be leveraged and equivalently extended to the alternative applications.

The FDCC v1.2.1.0 configuration guidance may be grouped into several categories, each addressing a different area of security. This whitepaper highlights these high level categories and a representative set of configuration items.

(THIS RESOURCE IS NO LONGER AVAILABLE.)
 
Available Resources from Lumension
See what other users are reading via our Daily Top 50 Report
.

About TechTarget:

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines

All Rights Reserved, Copyright 2000 - 2014, TechTarget | Read our Privacy Statement