
US Government Configuration Baseline (USGCB)

Bob Gourley, http://ctolabs.com, March 2012. About this presentation: context on the USGCB, core benefits, and principles for your consideration.


Presentation Transcript


  1. US Government Configuration Baseline (USGCB). Bob Gourley, http://ctolabs.com, March 2012

  2. About This Presentation:
     • Context on the USGCB
     • Core Benefits
     • Principles for your consideration

  3. Context on the USGCB
     • Evolved from desktop configuration efforts of the last decade, including the Federal Desktop Core Configuration (FDCC).
     • Based on extensive coordination across the federal government.
     • An initiative to create configuration baselines, with a focus on security, for IT products widely deployed across federal agencies.
     • Provides guidance on what should be done. Agencies can be more detailed in their guidance, but must meet USGCB guidance at a minimum.
     • USGCB guidelines for Windows and Red Hat Linux are available now. MacOS is coming soon. Android OS is probably not too far behind.
     This effort has proven to be virtuous on many levels.

  4. Benefits of USGCB
     • Security is the key driver.
     • But there are also significant benefits in enhanced availability and functionality.
     • Cost savings are also potentially dramatic, due to better maintainability and better potential for automation.
     • Non-government benefits include a better ability for the contractor workforce and systems integrators to train their workforce and plan for future work.

  5. Some Key Take-Aways
     • USGCB was established with well-thought-out security measures in place, including SCAP (Security Content Automation Protocol) ready configuration.
     • NIST maintains key reference sites with all the background required to implement USGCB standards.
     • See http://usgcb.nist.gov
     The Services Inside the Data Center Require Metrics And Continuous Monitoring. These Are The Metrics That Matter.

  6. Can I get involved in the process?
     • NIST is managing this in a very open way. Inputs can come via agency or via public comment.
     • Additionally, since agencies can implement stricter security settings, internal agency coordination can result in more detailed guidance to meet your needs.

  7. An Issue With USGCB
     • As a baseline, the USGCB gives a great foundation, but cannot address one fundamental concern: who has the keys to the kingdom?
     • To change anything of significance on any device, a person or a piece of software must have admin rights to the device.
     • Most approaches either give that to everyone and everything, or to no one and nothing.
     This issue is leading to increased use of ViewFinity.

  8. Please hold questions till end of webinar

  9. This Presentation Prepared By: Bob Gourley, CTOlabs.com, http://twitter.com/bobgourley
