New Tools to Help Configure Secure Operating Systems
From NIST Tech Beat: August 3, 2007
Michael E. Newman
The National Institute of Standards and Technology (NIST) is making available “virtual machine images” of secure configurations of the Microsoft Windows XP and VISTA operating systems (OSs) to assist federal agencies in complying with computer security requirements mandated by the government’s Office of Management and Budget (OMB). The OS images allow federal agencies to simulate what will happen, and how critical applications will perform, when they move from their current operating environment to either of the two Microsoft OSs using security configurations mandated under OMB’s Federal Desktop Core Configuration (FDCC).
These images were created through a collaborative effort between Microsoft, OMB, NIST, the Department of Defense (DoD) and the Department of Homeland Security (DHS), and are available for download on a new Web site established by OMB. The images contain pre-configured security settings for agencies to use when testing and evaluating their applications to ensure they function effectively and securely during migration to these new operating systems.
“This resource facilitates agencies’ efforts to implement common security configurations which will boost government’s information security, improve system performance and decrease operating costs,” said Karen Evans, administrator of OMB’s Office of E-Government and Information Technology.
In addition, NIST’s National Checklist Program is working with a number of information technology providers on standardizing security settings for a wide variety of products and environments. NIST maintains more than 120 common security configuration guides used by agencies.
Frequently asked questions about the Web site, the virtual machine images and other technical information for adopting the secure Windows XP and VISTA configurations may be found at: http://csrc.nist.gov/fdcc.
The documents on which the FDCC is based are two OMB memoranda: M-07-11 of March 22, 2007, “Implementation of Commonly Accepted Security Configurations for Windows Operating Systems,” and M-07-18 of June 1, 2007, “Ensuring New Acquisitions Include Common Security Configurations.” Both may be accessed at www.whitehouse.gov/omb/memoranda/index.html.