CIOs Push New Software Settings

Two members of the CIO council have proposed baseline candidate settings for Windows 7 and Internet Explorer 8, an attempt to implement and secure new software without compromising existing security settings.

Proposed by Sanjeev Bhagowalia, former Interior Department chief information officer and Michael W. Carleton, CIO at the Health and Human Services Department, the settings are intended to be guidance toward maintaining an effective security posture.

While there's no way of requiring agencies to deploy USGCB, and the CIO Council has no official power over agencies, Carleton could very well set the trend at HHS. Bhagowalia is now the deputy associate administrator for innovative technology at the General Services Administration. The other notable piece of the settings proposal is its call to agencies to buy software only if vendors deliver software that can work on an agency's secure configuration.

"We encourage you to ensure that vendors deliver products properly configured to your agency's needs and standards," wrote Bhagowalia and Carleton in a release to the council. "It can be most efficient to include the USGCB configurations in contract terms and conditions related to agency's acquisition policies."

Modifications may still be made to the settings as agencies begin to use the products and learn about unpredicted difficulties and security vulnerabilities. USGCB is intended to replace the Federal Desktop Core Configuration (FDCC), according to its authors.

Neither Bhagowalia nor Carleton responded to multiple inquiries for comment.