OMB to require standard Windows desktop configuration

The Office of Management and Budget will require agencies to move to a standard configuration for Microsoft Windows desktop by Feb.1, 2008. In a memo that will be signed off on as early as today by OMB Deputy Director for Management Clay Johnson, and supplemented by an e-mail that went out today to CIOs from OMB Administrator for E-government and IT Karen Evans, the White House is expanding the work the Air Force did with Microsoft Corp. governmentwide. Starting in 2004, the Air Force began shifting more than 525,000 desktop computers to three predetermined configurations. It also preconfigured all software on its computers with security settings specific to Air Force requirements. The Army also is following the Air Force’s lead and implementing the standard configuration. The National Institute of Standards and Technology worked with the Air Force and other Defense Department agencies to develop guidance about securing Windows operating systems, including XP and Vista. OMB is making this guidance mandatory in order to improve IT security across the government, experts said. OMB’s memo will require agencies to develop plans by May 1 on how they will implement the standard configuration, said a government official familiar with the memo but who requested anonymity because the document hadn’t been issued. The plans must include how they will test the configuration, automate enforcement to use these permitted structures, restrict administrator rights and address other issues. Agencies by June 30 also must make sure all newly purchased desktops and other hardware and software purchases include the standard configuration, the official said. “This should make it easy for everyone, agencies and vendors, because there is nothing subject to interpretation,” the official said. “The developers will have to develop against the same configuration.”