Thursday, July 2, 2009

DOD Defining Microsoft Windows 7 Security

As users await the release of the next version of the Windows operating system, Microsoft is working with the government to establish secure system settings that are expected to become the Federal Desktop Core Configuration (FDCC) for Windows 7.

Earlier this month, Microsoft released the alpha version of its security guide for the new operating system. At the same time, it is working with the Defense Department to harmonize the setting with the FDCC. Ideally, the two components will constitute a single standard for secure configuration when Microsoft releases the operating system this fall.

It is not the first time the government has worked with Microsoft before the release of an operating system, said Steve Quinn, a senior computer scientist at the National Institute of Standards and Technology (NIST). The National Security Agency, the Defense Information Systems Agency and NIST worked with the company on configurations during the pre-release stage of Vista.

"A lot of the recommended security settings were baked into the system before it shipped," Quinn said.

NIST has outlined the process for creating security configuration checklists in its National Checklist Program (NCP). Quinn said DOD and Microsoft will perform the primary work of writing the configuration for Windows 7, but the goal will be a government wide standard applicable beyond just defense and national security systems. When completed, NIST will check the configuration against the NCP for appropriateness and evaluate it.


Technorati Tags: ,