3/10/2009
05:20 PM
Dark Reading
Products and Releases

Persystent Technologies Publishes White Paper For Federal Agencies Seeking To Maintain Compliance With FDCC Rules

Year-old mandate requires that all federal agencies standardize the configuration of approximately 300 settings on each of their Windows-based PCs.

TAMPA, FL, March 10, 2009 - Persystent Technologies, developers of the fastest automated PC recovery product on the market—restoring corrupted, changed, or missing operating system and application files in 30 seconds or less—today announced the availability of a new white paper that offers federal agencies advice on how to achieve compliance with the Federal Desktop Core Configuration (FDCC) mandate. The white paper complements Persystent Technologies' software, which is already in use by a number of government departments to help ensure FDCC compliance.

The FDCC mandate, put in place one year ago by the U.S. Office of Management and Budget, requires that all federal agencies standardize the configuration of approximately 300 settings on each of their Windows-based PCs. The reason for this standardization is to strengthen federal IT security by reducing opportunities for hackers to access and exploit government computer systems. While agencies across the government support the goal, many have found compliance to be a significant challenge, especially given the complexity of federal IT environments. Most federal agencies employ thousands of workers in multiple divisions spread across diverse geographic regions. In defense-related departments, the complexity is further compounded by a variety of security protocols and regulations.

"In the 21st Century, federal agencies can't afford to have government computers taken out of commission by a virus, malware, or the downloading of an unauthorized program - whether it's a result of a malicious attack or from accidental misuse," declared Joe Loughry, CEO of Persystent Technologies. "The spirit behind the FDCC rules is to encourage agencies to avoid such disasters. At Persystent Technologies, we're offering to be a partner to government IT leaders by delivering both a roadmap to help guide implementation, as well as software tools to ensure ongoing compliance."

In its white paper, "How IT Can Enforce the Federal Desktop Core Configuration (FDCC) Mandate," authored by Jamie Cerra, senior sales engineer, Persystent Technologies offers four simple steps for adopting the year-old rules. According to the company, agencies should:

1. Build and create a FDCC-compliant desktop configuration image.
2. Deploy the image across all desktops and laptops in the organization, and update changes to FDCC policy globally across all desktops/laptops.
3. Manage compliance with the FDCC after deployment.
4. Establish an audit schedule to ensure that all desktops maintain FDCC compliance.

Because implementing FDCC entails deploying the mandated configuration on every desktop and laptop, the deployment effort across an organization is significant, particularly when FDCC requirements can change multiple times per month. Persystent Technologies offers a way to reduce this burden with its Persystent Suite software. Persystent Suite enables agencies to keep in synch with the latest FDCC updates by automating the process of building a fully compliant configuration baseline. Once an agency has established a "Gold FDCC Image Disk," Persystent Suite has the unique ability to enforce that configuration automatically, avoiding the need to increase IT headcount or reallocate staff time. As requirements change or as other components are updated through third party deployment tools, the baseline FDCC image can be easily adjusted and re-deployed from a centralized, web-based management and policy administration console. Once the baseline is deployed, Persystent Suite offers an added layer of security by automatically removing unauthorized programs at every reboot in 30 seconds or less. The software works regardless of whether the PC is connected to the network, and does not require a healthy OS to engage. This is ideal for mobile federal employees as well as those working offsite from remote locations.

One of the unique attributes of Persystent Suite is the ability to manage desktop configurations by groups. In so doing, the Persystent software enables an agency to apply the FDCC settings via group or local policy and once the baseline is created, users can't change it. However, the software does preserve user settings and profiles if users are given the ability to update their personal information.

Agencies are also grappling with compliance once the FDCC rules are implemented. For example, agencies are being asked to audit every desktop/laptop for compliance, stretching IT staff to their limits. Persystent Suite automatically logs every configuration change, including setting changes and software installation and removal. Those with administrative rights can see who is in compliance and can also maintain computers by testing against the baseline and communicating appropriately.

"Persystent Suite is ideal for enforcing the FDCC standard because we can help ensure compliance with a specified image or configuration," added white paper author Cerra. "We automate compliance by simply resetting the image back to the baseline every time a computer is restarted. This helps improve security by reducing vulnerabilities and reduces support costs by automating PC repair."

About Persystent Technologies

The Persystent Technologies solutions ensure that end-user desktop and laptop computers are always available and fully functional—whether in the office or offsite.

When computers are down, so is business productivity. Persystent Technologies therefore developed the only automated PC recovery product on the market with unsurpassed speed, restoring application and operating system (O/S) files that are corrupted, changed, or missing in less than 30 seconds.

Unlike any other disaster recovery provider, Persystent Technologies offers the only solution that restores degraded systems to a working state whether the PC is on or off the network, and even if the OS cannot engage.

Nothing, including viruses, malware or other unauthorized programs can stop a Persystent PC from returning to its desired configuration. By simply rebooting the system, either automatically or on demand, Persystent Technologies eliminates the need for manual PC reimaging while preserving user data and settings during the restoration process.

In addition to keeping end users productive, Persystent Technologies enables IT staffs to control PC damage, reduce help desk calls, enforce compliance, and improve the success rate of software patches and updates. Additional benefits include energy savings through reduced PC power consumption via an automatic shutdown feature.

Founded in 2002, Persystent Technologies solutions have been instrumental to organizations across North America including government, health care and education sectors with limited resources to support a high ratio of employees to IT staff and 24/7 business uptime.

For more information on Persystent Technologies and its solutions, visit: www.persystent.com.
