|
|
 |
|
Federal
Desktop Core Configuration
FDCC
|
FDCC Proposed Updates |
At the Office of Management and Budget's (OMB) request, NIST is administering public comment for proposed settings changes to the
Federal Desktop Core Configuration (FDCC). The first public comment period will last from 1 April until 30 April 2008. Comments will
be reviewed and posted for a second comment period, which will last from 1 May until 31 May 2008. Final review will occur and an
updated FDCC will be posted mid-June 2008.
Constructive comments are welcome from all parties. This includes but is not limited to Federal employees, contractors and
service providers, product vendors, and commercial sector personnel. Comments are requested in a specific format. NIST
requests that commenting parties use the spreadsheet of proposed changes. Commentary is welcome for any or all proposed
changes. NIST requests critiques be provided using the first two columns of the proposed changes spreadsheet. Column A is
entitled "Do You Support the Proposed Change?" Populate this column using the pull down selector to choose Yes or No.
Column B is entitled "Comments." In the Comments column, provide a rationale for any Yes or No answers indicated in
Column A. Completed comments spreadsheets can be submitted via electronic mail to fdcc@nist.gov
with the Subject line "FDCC Change Critique".
To assist organizations in assessing the impact of proposed changes, NIST has also provided updated Security Content Automation
Protocol (SCAP) Content for FDCC. This updated content has two profiles. "Federal Desktop Core Configuration Beta [beta number] Update"
is the current FDCC settings with some basic syntactical, textual, and logical fixes. "Federal Desktop Core Configuration Beta [beta number]
Update with Proposed Updates" reflects all current FDCC settings and the proposed changes to FDCC. To assess impact for
any given computer(s), NIST suggests the following process: a) scan target computer(s) with "Federal Desktop Core Configuration
Beta 1 Update" using SCAP ValidatedFDCC Scanner software, b) note 'results set one,' c) scan target computer(s) with "Federal
Desktop Core Configuration Beta 1 Update with Proposed Updates" using SCAP Validated FDCC Scanner software, d) note 'results set
two,' and e) compare results set one to results set two. Not only does the updated SCAP Content support an impact assessment, it also
supports well-informed critiques, so NIST recommends using the updated SCAP Content in your test environment before submitting critiques.
|
|
|
|
FDCC Beta 2 Update with Proposed Updates |
|
File
|
SHA-1 Digest
|
SHA-256 Digest
|
Note
|
FDCC-Beta-2-
Update-2008-05-02.zip |
2D84D72CBEB2B0E
80F1C75F8653CAA
8E5C019BA2
|
34150341AF67FA998
5D340D914356AAAA55
096B609B78D260197C
BDE0E9C3866
|
2008.05.02
Beta 2 Release
|
FDCC-May-
2008-change-list.xls |
C6E9833B55A6F69
385EF163C87A3BC
72685202C7
|
80B16C766AA855E
492850238AB619A
C32B9A3FDF18BE6
D5358FF7E2234D2
370E
|
2008.05.01
Second Round Comments
|
Updates to May Change List (since the initial April release):
|
Action
|
CCE-ID
|
Setting
|
|
Remove
|
CCE-1009
|
Turn off the Publish to Web task
|
|
Remove
|
CCE-439
|
Allow Scriptlets
|
|
Remove
|
CCE-625
|
Disable the Reset Web Setting feature
|
|
Add
|
CCE-227
|
kerberos_enforce_user_logon_restrictions
|
|
Add
|
CCE-33
|
kerberos_maximum_lifetime_user_ticket_renewal
|
|
Add
|
CCE-37
|
kerberos_maximum_lifetime_user_ticket
|
|
Add
|
CCE-588
|
kerberos_maximum_tolerance_computer_
clock_synchronization
|
|
Add
|
CCE-6
|
kerberos_maximum_lifetime_service_ticket
|
|
Add
|
CCE-119
|
Restrict ActiveX Install
|
|
Add
|
CCE-40
|
Task Scheduler
|
|
|
|
|
FDCC Beta 1 Update with Proposed Updates |
|
|
|
|
|
Comments and Questions
|
|
Comments
and questions may be addressed to fdcc@nist.gov.
|
|
