Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

U.S. agencies given deadline to secure XP, Vista configurations

The goal: Make sure government computers are run securely

March 21, 2007 12:00 PM ET

Computerworld - Federal agencies have until Feb 1, 2008 to implement a common secure configuration setting for all Windows XP and Vista systems based on standards from the National Institute of Standards and Technology (NIST) and other organizations.

But they have less time, until May 1, to provide details to the White House Office of Management and Budget on how they plan to do so. The deadlines were set by de facto federal CIO Karen Evans in a memorandum to agency CIOs yesterday.

The standard security settings for XP and Vista Evans was referring to were developed by NIST, the Department of Homeland Security (DHS), Microsoft Corp. and several other organizations. They basically describe certain basic configuration settings to secure the operating system against common classes of threats.

In her memo, Evans described the use of standard configurations as necessary for improving overall security and reliability at federal agencies.

"Common security configurations provide a baseline level of security, reduce risk from security threats and vulnerabilities, and save time and resources," she said. "This allows agencies to improve system performance, decrease operating costs and ensure public confidence in the confidentiality, integrity and availability of government information."

The memo directs agency CIOs to provide details on a variety of issues, including plans to test the security configurations in non-production environments to identify potential problems, implementing and automating enforcement of these settings and restricting administration of these configurations to authorized personnel only. Agencies must also be able to install Microsoft patches from DHS when new vulnerabilities are disclosed, the memo said.

Evans also wants all agency IT acquisitions after June 30 to use a common secure configuration that application software vendors have certified their products will work with.

Such stipulations are vital to improving security in the federal government, said Alan Paller director of research at the SANS Institute, a Bethesda, Md.-based security training company. The U.S. Air Force has already adopted a similar program under which it is using a common security configuration for Windows XP, Paller said.

The advantages of such standardization are enormous, he said, because common, secure configurations can help slow spread of malware and make patching more efficient.

It also forces application vendors to pay more attention to security. "It comes just in time to impact application developers building applications for Windows Vista," he said. "No Vista application will be able to be sold to federal agencies if the application does not run on the secure version of Vista," he said.

The same is also true of Windows XP applications.

"The really cool thing here is that the federal government is going to use its buying power to ask anyone who want to sell an application to make sure that it works on a secure standard configuration," he said. "It's the first time they are using their buying power in such a massive pro-security way."



Jump to comments

Karen Evans

Additional Resources

WHITE PAPER
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying

White Papers & Webcasts

Share our Strength
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...