Wednesday, May 14, 2008

SignaCert Verify FDCC Compliance (YouTube)


SignaCert Verify FDCC Compliance (PDF Datasheet)

SignaCert Verify™ measures your desktops and compares them with the appropriate FDCC reference specification and reports on compliance status. If your desktops don't match, SignaCert Verify will deliver a detailed list of specific deviations providing you a clear path to achieving compliance. Simply download and run the client to view results.

This client scans the machine and creates an XML file with cryptographic hashes for the files it finds. Scanning is limited by policy to ONLY the C:\WINDOWS directories. NO USER DIRECTORIES ARE SCANNED. File types are also specified by policy. Only .bat, .cmd, .dll, .drv, .exe, .ocx, .scr, and .sys file types are scanned. NO USER FILES ARE SCANNED NOR IS ANY USER SPECIFIC INFORMATION CAPTURED. The XML file is sent to SignaCert Verify to compute the results. This transaction DOES NOT RECORD THE IP ADDRESS NOR ANY OTHER PERSONALLY IDENTIFIABLE INFORMATION.

Download

Thursday, April 17, 2008

Nessus: Enterprise SCAP/FDCC Audits



Wednesday, April 9, 2008

Lumension Security Launches SCAP-Ready Security Configuration Management Solution, Allowing Enterprises to Proactively Manage Secure Settings and Comp

SAN FRANCISCO, CA - RSA Conference 2008 - Lumension Security(TM) Inc., a recognized, global leader in security management formed by the combination of PatchLink® Corporation and SecureWave® S.A., today announced the availability of PatchLink Security Configuration Management (SCM). PatchLink SCM enables organizations to proactively assess secure configuration states of IT assets and automate internal and external audits in accordance with industry-recognized best practices.

PatchLink SCM leverages the National Institute of Standards and Technology's (NIST) open source Security Configuration Automation Protocol (SCAP) policies. The new offering is an enterprise-ready solution designed to perform a top-down threat analysis that reduces business risk, improves overall network performance and lowers costs while simultaneously addressing and meeting audit requirements. PatchLink SCM provides a comprehensive list of NIST's SCAP policies with more than 700 secure settings that directly map to industry regulations such as FDCC (Federal Desktop Core Configuration) and PCI DSS (Payment Card Industry Data Security Standard). The SCAP ready solution delivers customizable configuration templates based on industry best practices to help organizations quickly evaluate their security posture and determine the necessary remediation steps in order to maintain compliance with the industry security standard.

"Configuration security has become such a critical issue for both government and private industry in recent years that regulatory mandates -- including PCI DSS and FDCC -- have incorporated very specific configuration requirements," said Mike Wittig, president and CTO of Lumension Security. "Even with these mandates and standards in place, many organizations need the right configuration tools and automation to properly assess and maintain systems with specific settings on an ongoing basis. We have worked very closely with industry leaders such as NIST and the National Security Agency to develop this SCAP-ready solution that provides a top-down baseline of the security environment for standardizing and automating risk management, compliance reporting and security measurement."

Configuration issues are typically the result of changes made by employees within the firewall -- either intentionally or accidentally -- that open attack vectors for hackers. Default configurations for operating systems and applications are oftentimes not secure, and even when systems are initially secured, their configurations "drift" over time, resulting in reduced security posture, increased attack surface, application conflicts, reduced productivity and higher IT operating costs due to security incidents and helpdesk overhead.

In addition, according to the SANS Institute's best practices for preventing its top 20 risks, organizations should enforce configurations from the first day by implementing the most secure configurations that business processes will allow. Lumension Security's PatchLink SCM mitigates threats associated with mis-configured endpoints by providing out-of-the-box regulatory, standards-based assessment and industry best practices templates.

PatchLink SCM seamlessly integrates with Lumension Security's proven, industry-leading solutions, PatchLink Update and PatchLink Scan, to deliver a comprehensive, enterprise-class solution. This includes agent-based and agentless risk assessment of software flaws and configuration vulnerabilities, accurate remediation, continuous validation and policy compliance reporting. Lumension Security is currently working with an accredited laboratory to officially make its PatchLink Update and PatchLink Scan SCAP validated as part of the SCAP Validation Program. For more information, please visit http://nvd.nist.gov/scapproducts.cfm.

"The benefits of standardizing and automating secure configuration settings include slowing the spreading of botnets, radically reducing delays in patching and stopping many attacks directly. In addition, organizations that have addressed configuration issues typically report a significant cost savings," said Alan Paller, founder and research director of the SANS Institute.

Pricing & Availability

Lumension Security's PatchLink SCM will be available worldwide May 1, 2008. For more information, please visit the SCM product website. For a free 30-day trial of PatchLink SCM and Vulnerability Management Solution, please complete the product evaluation request form.

Source Link

Wednesday, March 26, 2008

Interactive: Threatguard's Secutor prime Pro


Threatguard's Secutor prime Pro Interactive
FDCC Policy Validation Review
Deviation Manager Analysis
Compliance Reporting

Sunday, March 16, 2008

FDCC Compliance Strengthens Attachmate’s Federal Government Pedigree

Attachmate Corporation has announced that it has validated multiple products as compliant with critical Federal Desktop Core Configuration (FDCC) standards.


Eric Varness
VP of Marketing
Attachmate

The FDCC, a mandate of the Office of Management and Budget (OMB), is a set of security configurations developed by the National Institute of Standards and Technology (NIST) which cover Microsoft Windows Vista and Windows XP operating system software. FDCC-compliant products are those products compatible with the heightened security settings required on Microsoft Windows Vista and Windows XP operating systems deployed by U.S. government agencies.

The Attachmate products that have achieved compliance include:
• EXTRA!® 9.0, Service Pack 1
• INFOConnect™ 8.1 Service Pack 2
• Reflection® X 2008
• Reflection X 14.0.3
• Reflection Suite for X 14.0.3
• Reflection for IBM® 2007
• Reflection for IBM 14.0.3
• Reflection for UNIX and OpenVMS 14.0.3
• Reflection for HP 14.0.3

Based on customizations of the Microsoft Security Guides for Windows Vista, Windows XP and Internet Explorer 7.0, FDCC provides details on specific settings necessary for securing a Windows XP or Windows Vista configuration. Testing has confirmed that the specified Attachmate products run in the standard user context without elevated system administration privileges; that the standard installation, operation, maintenance, updating and/or patching behaviors of the products do not alter the approved FDCC configuration; and that the products are fully functional when run in an FDCC environment.

Attachmate's products were validated against both the NIST FDCC Microsoft Windows XP Q4/2007 and Windows Vista Q4/2007 reference images.

"Attachmate has a long history of working in partnership with federal customers to secure data-in-motion and to meet Federal Information Security Management Act (FISMA) requirements," said Tom Gdowik, director of federal sales at Attachmate. "With enterprise relationships at the U.S. Air Force, the U.S. Navy, the Defense Information Systems Agency (DISA), the U.S. Department of Veterans Affairs (VA), the Internal Revenue Service (IRS), Military Health Systems, the U.S. Postal Service and other federal agencies, we are committed to providing solutions that secure federal customers' critical data."

In addition to FDCC-compliant offerings, Attachmate also provides solutions that comply with Federal Information Processing Standard (FIPS) 140-2, JITC PKI certification, Section 508 and other federal certifications. 

Attachmate® EXTRA! and Reflection are part of Attachmate's terminal emulation and secure host access product family, which provides secure connections to any host from any desktop, inside or outside the firewall. With Reflection's robust Web- and Windows-based products, customers can meet their host access needs while minimizing costs, maximizing IT flexibility and safeguarding critical business data. Attachmate Reflection works collaboratively or as a stand-alone tool, along with the company's host access, security and management products, to enable companies to extend the use of existing IT investments while adopting valuable new technologies to improve their business.

Reflection® Suite for X is Attachmate's premier multi-purpose PC X server and terminal emulation solution connecting Windows® users to applications on UNIX, OpenVMS, IBM, Unisys, and Linux systems. Advanced capabilities in the product allow organizations to minimize management costs, maximize IT flexibility and ensure high-level security for every connection.

For over 25 years, Attachmate has developed industry-leading products that are installed on over 16 million systems worldwide. Attachmate's entire range of solutions is backed by an award-winning team of highly trained and tenured service professionals who possess, on average, more than nine years of experience supporting Attachmate products. Organizations are switching to Attachmate and are realizing management, productivity and cost benefits in the process.

Attachmate, owned by an investment group led by Francisco Partners, Golden Gate Capital and Thoma Cressey Equity Partners, enables IT organizations to extend mission critical services and assure they are managed, secure and compliant. Attachmate's leading solutions include host connectivity, systems and security management, and PC lifecycle management. Our goal is to empower IT organizations to deliver trusted applications, manage service levels, and ensure compliance by leveraging knowledge, automation and secured connectivity.

For more information, visit www.attachmate.com.

Wednesday, December 19, 2007

Microsoft FDCC Webcast Series: Utility to apply FDCC settings to Local Group Policy

Language(s): English.
Product(s): Other.
Audience(s): Developer, Government, IT Professionals, Technology Decision Maker.

Duration: 60 Minutes
Start Date: Wednesday, December 19, 2007 12:00 AM Pacific Time (US & Canada)


Event Overview

Description: Demonstration and discussion of a new utility that applies FDCC GPO settings to the Local Group Policy of a target computer.

Target Audience: Technical

Saturday, November 10, 2007

FDCC Resources

Resources

Microsoft Resources

Government Resources

FDCC in the media

Source: Microsoft Technet FDCC Blog by Kurt Dillard

Wednesday, October 31, 2007

Microsoft FDCC Webcast Series: Scanning Your Standard Image and Systems for FDCC SCAP Compliance

Language(s): English.
Product(s): Other.
Audience(s): Business Decision Maker, Developer, Government, IT Professionals, Technology Decision Maker.


Duration: 60 Minutes
Start Date: Wednesday, October 31, 2007 12:00 AM Pacific Time (US & Canada)


Event Overview

Description: Attend this webcast to understand the basics of how to download a free scanning tool and scan your image. We will also provide demonstrations by SCAP-compliant security scanning software manufacturers on Enterprise scanning solutions.
Target Audience: Standard desktop configuration or image builders and engineers, IT Operations, Security, Help Desk and Monitoring System engineers

Sunday, October 28, 2007

Microsoft FDCC Webcast Series: Importing FDCC GPOs Into Your Domain

Language(s): English.
Product(s): Other.
Audience(s): Business Decision Maker, Developer, Government, IT Professionals, Technology Decision Maker.


Duration: 60 Minutes
Start Date: Sunday, October 28, 2007 12:00 AM Pacific Time (US & Canada)



Event Overview

Description: How to download, import, and implement FDCC GPOs in Domains; tips and tricks, methods, and management. Methods for loading FDCC settings into local Group Policy.
Target Audience: Standard desktop configuration builders, IT Operations (especially those managing Group Policy in Agency's environment), Security personnel