The Federal Desktop Core Configuration (FDCC) is a list of security settings recommended by the National Institute of Standards and Technology for general-purpose microcomputers that are connected directly to the network of a United States government agency.
FDCC Major Version 1.1 (as with all previous versions) applies only to Windows XP and Vista desktop and laptop computers.
On 20 March 2007 the Office of Management and Budget issued a memorandum instructing United States government agencies to develop plans for using the Microsoft Windows XP and Vista security configurations.[1][2] The United States Air Force common security configurations for Windows XP were proposed as an early model on which standards could be developed.[2]
The FDCC baseline was developed (and is maintained) by the National Institute of Standards and Technology in collaboration with OMB, DHS, DOI, DISA, NSA, USAF, and Microsoft,[2] with input from public comment.[3] It applies to Windows XP Professional and Vista systems only—these security policies are not tested (and according to NIST, will not work) on Windows 9x/ME/NT/2000 or Windows Server 2003.[3]
Organizations required to document FDCC compliance can do so by using SCAP tools.
Released on 20 June 2008, FDCC Major Version 1.0 specifies 674 settings.[3] For example, "all wireless interfaces should be disabled".[4] In recognition that not all recommended settings will be practical for every system, exceptions (such as "authorized enterprise wireless networks") can be made if documented in an FDCC deviation report.[2][4]
Major Version 1.1 (released 31 October 2008) has no new or changed settings, but expands SCAP reporting options.[3] As with all previous versions, the standard is applicable to general-purpose workstations and laptops for end users. Windows XP and Vista systems in use as servers are exempt from this standard. Also exempt are embedded computers and "special purpose" systems (defined as specialized scientific, medical, process control, and experimental systems), though NIST still recommends that FDCC security configuration be considered "where feasible and appropriate".[5]
For Windows 7, the FDCC was replaced by the United States Government Configuration Baseline (USGCB).