3/10/2009
05:20 PM
Dark Reading
Products and Releases
Persystent Technologies Publishes White Paper For Federal Agencies Seeking To Maintain Compliance With FDCC Rules

Year-old mandate requires that all federal agencies standardize the configuration of approximately 300 settings on each of their Windows-based PCs.

TAMPA, FL, March 10, 2009 - Persystent Technologies, developers of the fastest automated PC recovery product on the market—restoring corrupted, changed, or missing operating system and application files in 30 seconds or less—today announced the availability of a new white paper that offers federal agencies advice on how to achieve compliance with the Federal Desktop Core Configuration (FDCC) mandate. The white paper complements Persystent Technologies' software, which is already in use by a number of government departments to help ensure FDCC compliance.

The FDCC mandate, put in place one year ago by the U.S. Office of Management and Budget, requires that all federal agencies standardize the configuration of approximately 300 settings on each of their Windows-based PCs. The reason for this standardization is to strengthen federal IT security by reducing opportunities for hackers to access and exploit government computer systems. While agencies across the government support the goal, many have found compliance to be a significant challenge, especially given the complexity of federal IT environments. Most federal agencies employ thousands of workers in multiple divisions spread across diverse geographic regions. In defense-related departments, the complexity is further compounded by a variety of security protocols and regulations.

"In the 21st Century, federal agencies can't afford to have government computers taken out of commission by a virus, malware, or the downloading of an unauthorized program - whether it's a result of a malicious attack or from accidental misuse," declared Joe Loughry, CEO of Persystent Technologies. "The spirit behind the FDCC rules is to encourage agencies to avoid such disasters. At Persystent Technologies, we're offering to be a partner to government IT leaders by delivering both a roadmap to help guide implementation, as well as software tools to ensure ongoing compliance."

In its white paper, "How IT Can Enforce the Federal Desktop Core Configuration (FDCC) Mandate," authored by Jamie Cerra, senior sales engineer, Persystent Technologies offers four simple steps for adopting the year-old rules. According to the company, agencies should:

1. Build and create an FDCC-compliant desktop configuration image.
2. Deploy the image across all desktops and laptops in the organization, and update changes to FDCC policy globally across all desktops/laptops.
3. Manage compliance with the FDCC after deployment.
4. Establish an audit schedule to ensure that all desktops maintain FDCC compliance.

Because implementing FDCC entails deploying the mandated configuration on every desktop and laptop, the deployment effort across an organization is significant, particularly when FDCC requirements can change multiple times per month. Persystent Technologies offers a way to reduce this burden with its Persystent Suite software. Persystent Suite enables agencies to keep in synch with the latest FDCC updates by automating the process of building a fully compliant configuration baseline. Once an agency has established a "Gold FDCC Image Disk," Persystent Suite has the unique ability to enforce that configuration automatically, avoiding the need to increase IT headcount or reallocate staff time. As requirements change or as other components are updated through third party deployment tools, the baseline FDCC image can be easily adjusted and re-deployed from a centralized, web-based management and policy administration console. Once the baseline is deployed, Persystent Suite offers an added layer of security by automatically removing unauthorized programs at every reboot in 30 seconds or less. The software works regardless of whether the PC is connected to the network, and does not require a healthy OS to engage. This is ideal for mobile federal employees as well as those working offsite from remote locations.

One of the unique attributes of Persystent Suite is the ability to manage desktop configurations by groups. In so doing, the Persystent software enables an agency to apply the FDCC settings via group or local policy and once the baseline is created, users can't change it. However, the software does preserve user settings and profiles if users are given the ability to update their personal information.

Agencies are also grappling with compliance once the FDCC rules are implemented. For example, agencies are being asked to audit every desktop/laptop for compliance, stretching IT staff to their limits. Persystent Suite automatically logs every configuration change, including setting changes and software installation and removal. Those with administrative rights can see who is in compliance and can also maintain computers by testing against the baseline and communicating appropriately.

"Persystent Suite is ideal for enforcing the FDCC standard because we can help ensure compliance with a specified image or configuration," added white paper author Cerra. "We automate compliance by simply resetting the image back to the baseline every time a computer is restarted. This helps improve security by reducing vulnerabilities and reduces support costs by automating PC repair."

About Persystent Technologies

The Persystent Technologies solutions ensure that end-user desktop and laptop computers are always available and fully functional—whether in the office or offsite.

When computers are down, so is business productivity. Persystent Technologies therefore developed the only automated PC recovery product on the market with unsurpassed speed, restoring application and operating system (O/S) files that are corrupted, changed, or missing, in less than 30 seconds.

Unlike any other disaster recovery provider, Persystent Technologies offers the only solution that restores degraded systems to a working state whether the PC is on or off the network, and even if the OS cannot engage.

Nothing, including viruses, malware or other unauthorized programs can stop a Persystent PC from returning to its desired configuration. By simply rebooting the system, either automatically or on demand, Persystent Technologies eliminates the need for manual PC reimaging while preserving user data and settings during the restoration process.

In addition to keeping end users productive, Persystent Technologies enables IT staffs to control PC damage, reduce help desk calls, enforce compliance, and improve the success rate of software patches and updates. Additional benefits include energy savings through reduced PC power consumption via an automatic shutdown feature.

Founded in 2002, Persystent Technologies solutions have been instrumental to organizations across North America including government, health care and education sectors with limited resources to support a high ratio of employees to IT staff and 24/7 business uptime.

For more information on Persystent Technologies and its solutions, visit: www.persystent.com.
