14 DAY TRIAL // The White House is pushing for a standardization of the security in Windows Vista and Windows XP. This will involve the adoption of common security settings on PCs running either Windows Vista or its predecessor, Windows XP. The common set of secure configuration settings was developed by the National Institute of Standards and Technology (NIST) together with other organizations and is designed to be implemented across desktops in federal agencies.
February 1, 2008 is the deadline imposed for the adoption of common security standards. But federal agencies will have to present the White House Office of Management and Budget with detailed plans of the standardization no later than May 1, 2007. Karen Evans, the de facto federal CIO authored the deadlines via a memorandum sent to agency CIOs the past week.
"Common security configurations provide a baseline level of security, reduce risk from security threats and vulnerabilities, and save time and resources," Evans explained. "This allows agencies to improve system performance, decrease operating costs, and ensure public confidence in the confidentiality, integrity, and availability of government information."
"No Vista application will be able to be sold to federal agencies if the application does not run on the secure version of Vista," commented Alan Paller, SANS Institute director of research. "XP application vendors will also be required to certify that their applications run on the secure configuration of Windows XP."
The adoption of common security standards aims to increase the overall level of security and reliability in federal agencies. The implementation process will involve an array of issues from testing the new security configuration in isolated environments, to automating the deployment of the settings and to restrict access and administration of these configurations.