OMB/FDCC Service Center
Approach - Your agency's goal should be a single security configuration for each operating system. Testing and evaluation of security settings against hardware configurations, enterprise applications and user operating requirements will determine whether you can adopt a single configuration and whether you require a variance from the NIST published guidelines. There are numerous technical and policy decisions that need to be addressed when determining whether and how specific guidelines should be employed in your enterprise. You may also need to establish a baseline desktop configuration that includes the operating system, enterprise applications and security settings. Our experience indicates that successfully accomplishing these tasks will require coordination, negotiation and support from a number of groups within your organization. In our work with the Air Force, over 190 applications were tested. A great percentage of the issues centered on privileges. Resolution of some issues varied between Windows XP and Vista.
Objective - Establish appropriate security configuration settings for your environment, note adverse effects of the configuration on enterprise applications and end-user processes, and recommend remediation options for application and user issues.