The Office of Management and Budget's deputy director for management recently signed a memorandum to all agency heads directing them to follow a standard security configuration for Microsoft computer operating systems. Clay Johnson's directive backs up a memo that Karen Evans, OMB's administrator of e-government and information technology, sent to chief information officers this week asking them to deliver plans to OMB on how they intend to implement the policy by May 1.
Johnson's memo lays out the reasons for the standard this way:
The recent release of the VistaTM operating system provides a unique opportunity for agencies to deploy secure configurations for the first time when an operating system is released. Therefore, it is critical for all Federal agencies to put in place the proper governance structure with appropriate policies to ensure a very small number of secure configurations are allowed to be used.
DoD has worked with NIST and DHS to reach a consensus agreement on secure configurations of the VistaTM operating system, and to deploy standard secure desk tops for Windows XPTM. Information is more secure, overall network performance is improved, and overall operating costs are lower.
For other thoughts on the security memo, click here.