[tforum] PC and Network lockdown at the federal government level

Joe Breen joe.breen at utah.edu
Wed Jan 16 16:19:29 MST 2008


For those that support collaborations with federal government entities 
and for those that track security on PCs and networks, y'all may have an 
interest in following what the Office of Management and Budget (OMB) is 
pushing along with the Department of Homeland and Security (DHS).

############
PC Lockdown:
The following article describes how the National Institute of Standards 
and Technology (NIST) has developed standard security templates that the 
government is now requiring agencies to apply.  The templates are only 
Windows XP and Vista, though, NIST is developing templates for Apple, 
Red Hat and other Operating Systems (OS).  The templates are the Federal 
Desktop Core Configuration (FDCC) and are open for all to 
use/copy/implement/ignore/etc.

http://www.eweek.com/c/a/Security/PC-Lockdown-in-the-Government-and-Beyond/?kc=EWKNLGOV011608FEA1

These templates will impact services that government employees and 
agencies can utilize at the desktop and, eventually, servers.  These 
templates might also be of use as a reference in the 
educational/research area.

The Federal Desktop Core Configuration documents are at:
http://csrc.nist.gov/fdcc/

The NIST Security Automation Program (SCAP) information is at:
http://nvd.nist.gov/scap.cfm

#############
Network Lockdown:
Earlier this month, I participated in a conference call with about 35 
others from national research networks, government networks and all the 
government agencies.  The main agenda item was the idea of Trusted 
Internet Connections (TICs).  At the end of November and the first of 
December, the Office of Management and Budget (OMB) held two meetings 
where they declared that all federal agencies would have to operate 
through these TICs.  Representatives of DHS, NIST and some of the 
federal agencies are meeting to come up with architecture of what these 
Connection points will be.  The basic concept is that any connection to 
the Internet or between federal agencies must happen through a 
standardized set of controls and trusted network site.  A Trusted 
Internet Connection (TIC) is a site where these controls and trusted 
co-location site exists.  This fact means that agencies such as NASA 
must look at many of their collaborative T1 connections and pare them 
down to specific TIC locations.  This fact also means that the 
respective agencies will have to implement the standard security 
controls and all collaborative research and normal communication must go 
through these controls.  The government is hoping to pare down costs by 
minimizing and aggregating internet and collaborative connections.  The 
government is also hoping to increase security by standardizing the 
security controls at these aggregation points.  The implementation of 
these TICs will affect network latencies and collaborations with all 
entities, even between agencies.  Many of the agencies represented on 
the phone conference brought up these subjects.  The agencies also 
pointed out that this mandate does not currently have funding but will 
require additional resources, especially in the area of security.

The OMB document describing the TIC initiative is:
http://www.whitehouse.gov/omb/egov/documents/TIC_ImplementationPlanningGuidance.pdf

The Presidential Initiative on Information Systems Security is at:
http://www.whitehouse.gov/omb/egov/c-6-6-its.html

Federal Information Security Management Act (FISMA)
http://iase.disa.mil/fisma/index.html
*NOTE:* This act requires FISMA compliance for some government 
collaborations.


More information about the tforum mailing list