Federal Desktop Core Configuration (FDCC)
The primary vulnerability management goal of FDCC is to establish a requirement that all Federal agencies adhere to a standardized configuration of approximately 300 settings on each of their Windows XP and Windows Vista computers.
The Federal Desktop Core Configuration (FDCC) is an Office of Management and Budget (OMB) mandated security configuration. The FDCC was originally cited in a March 22, 2007 memorandum from OMB to all Federal agency and department heads, and in a corresponding memorandum from OMB to all Federal agency and department Chief Information Officers (CIOs). This document outlines the security and hardening procedures for select Windows desktop operating systems and the government directives for their enforcement.
FDCC Operating System Specifications
The Windows Vista FDCC is based on DoD customization of the Microsoft Security Guides for both Windows Vista and Internet Explorer 7.0. Microsoft's Vista Security Guide was produced through a collaborative effort with DISA, NSA, and NIST. The guide reflects the consensus recommended settings from DISA, NSA, and NIST for the Windows Vista platform.
The Windows XP FDCC is based on Air Force customization of the Specialized Security-Limited Functionality (SSLF) recommendations in NIST SP 800-68 and DoD customization of the recommendations in Microsoft's Security Guide for Internet Explorer 7.0.
FDCC Major Version 1.1 is based on Microsoft Windows XP Service Pack (SP) 2 and Microsoft Windows Vista SP 1. Although the Security Content Automation Protocol (SCAP) content has been engineered so that it will also operate on Windows XP SP3, near-term Windows XP patch checking covers both SP2 and SP3. It is understood that many managed environments throughout the Federal government implement service packs shortly after their release. While near-term Windows XP checking is based on Windows XP SP2, we do not anticipate any significant measurement issues for Windows XP SP3.
Compliance with Federal Desktop Core Configuration (FDCC):
eEye Digital Security's Retina Network Security Scanner, REM Security Management Console, and Blink Endpoint Protection Platform all support the FDCC standards. The vulnerability assessment component of each solution includes FDCC audits that verify compliance with the OMB specification.
More detailed information regarding FDCC can be found at http://nvd.nist.gov/fdcc/index.cfm