Slashdot Mirror


White House Specifies And Mandates Secure Windows

twitter writes "The Register is reporting on an effort to bring order to the wild world of Windows patching, at least in the US Federal Government. The White House has issued a directive to federal CIOs throughout the country, issuing a call for all new PCs to use a 'common secure configuration.' 'Registry settings and which services would be turned on or off by default [are specified and] the directive calls for suppliers (integrators and software vendors) to certify that the products they supply operate effectively using these more secure configurations. "No Vista application will be able to be sold to federal agencies if the application does not run on the secure version of Vista," explained Alan Paller, director of research at The SANS Institute.'"

2 of 242 comments

  1. Re:Why don't they roll their own? by evil_Tak · Score: 4, Informative

    Or perhaps some kind of security-enhanced Linux variant...the NSA could even help develop it!

  2. The actual OMB memo by beetle496 · Score: 3, Informative

    The actual OMB memo (pdf, sorry) can be found at URL:
    http://www.whitehouse.gov/omb/memoranda/fy2007/m07-11.pdf

    The text follows:

    EXECUTIVE OFFICE OF THE PRESIDENT
    OFFICE OF MANAGEMENT AND BUDGET
    WASHINGTON, D.C. 20503
    DEPUTY DIRECTOR FOR MANAGEMENT
    March 22, 2007

    M-07-11 / MEMORANDUM FOR THE HEADS OF DEPARTMENTS AND AGENCIES

    FROM: Clay Johnson / Deputy Director for Management

    SUBJECT: Implementation of Commonly Accepted Security Configurations for Windows Operating Systems

    To improve information security and reduce overall IT operating costs, agencies who have Windows XP™ deployed and plan to upgrade to the Vista™ operating system, are directed to adopt the security configurations developed by the National Institute of Standards and Technology (NIST), the Department of Defense (DoD) and the Department of Homeland Security (DHS).

    The recent release of the Vista™ operating system provides a unique opportunity for agencies to deploy secure configurations for the first time when an operating system is released. Therefore, it is critical for all Federal agencies to put in place the proper governance structure with appropriate policies to ensure a very small number of secure configurations are allowed to be used.

    DoD has worked with NIST and DHS to reach a consensus agreement on secure configurations of the Vista™ operating system, and to deploy standard secure desk tops for Windows XP™. Information is more secure, overall network performance is improved, and overall operating costs are lower.

    Agencies with these operating systems and/or plans to upgrade to these operating systems must adopt these standard security configurations by February 1, 2008. Agencies are requested to submit their draft implementation plans by May 1, 2007 at fisma@omb.eop.gov. With your endorsement we will work with your CIOs on this effort to improve our security for government information. If you have questions about this requirement, please contact Karen Evans, Administrator, E-Government and Information Technology at (202)395-1181 or at fisma@omb.eop.gov.

    --
    I paid the going retail price for a Windows screen reader and got a free Unix computer!