FDCC Federal Desktop Core Configuration 2007 Security Requirements

The Federal Desktop Core Configuration (FDCC) is a security configuration that must be enabled on any desktop that connects to a federal network. FDCC began with a 2007 memorandum by the United States Office of Management and Budget (OMB). That memo discusses the need for a centralization of effort in defining a central configuration for all desktops contained within federal IT environments. Such a unified configuration would strengthen federal IT security by mandating a tested configuration across all federal IT organizations.

This configuration would additionally provide a standardized starting point for external vendors, easing their process with developing solutions that work across the whole of government IT. In conjunction with the FDCC, the OMB also began work on the Security Content Automation Protocol (SCAP), a cross platform vulnerability management protocol that enables outside vendors to validate their productsf functionality with FDCC desktops as well as other regulations required by government systems.

For Microsoft operating systems (OSs), today’s FDCC provides guidance for the Windows XP and Windows Vista OSs, describing a list of registry changes and Group Policy changes that must be implemented across all desktops. These changes span from disabling unnecessary services and applications to configuring firewall rules to adjusting user account and event log settings. Currently a version 1.0 release, the specific guidance can be downloaded from the Web site of the National Institute of Standards and Technology (NIST) at http://nvd.nist.gov/fdcc/index.cfm.