The Directive
Summary of Directive
The OMB requires your agency to develop plans for using the Microsoft Windows XP and Vista security
configurations with an implementation date of no later than February 1, 2008. Agency implementation
plans must describe the following items:
- Testing configurations in a non-production environment to identify adverse effects on system
functionality
- Implementing and automating enforcement for using these configurations
- Restricting administration of these configurations to only authorized professionals
- Ensuring that new acquisitions by June 30, 2007, include these configurations and require
information technology providers to certify that their products operate effectively using these
configurations
- Applying Microsoft patches available from DHS when addressing new Windows XP or Vista vulnerabilities
- Providing NIST documentation and rationale for any deviations from these configurations
- Ensuring these configurations are incorporated into agency capital planning and investment
control processes