The Federal Desktop Core Configuration (FDCC), developed by the National Institute of Standards and Technology (NIST), the Department of Defense (DoD) and the Department of Homeland Security (DHS), provides a set of security configuration standards by which all federal agencies must adhere to as mandated by the Office of Management and Budget (OMB).
Lumension enables agencies to comply with FDCC standards by providing a Security Content Automated Protocol (SCAP) Validated FDCC Scanner that assesses, standardizes and reports against required configurations.
Securing Endpoint Configurations and Enabling FDCC Compliance
Lumension® Vulnerability Management solution ensures that agency endpoint configurations are compliant with the standards outlined in the FDCC. Through import of SCAP policy templates, network and agent-based scanning, policy enforcement and enterprise reporting, Lumension® Vulnerability Management solution automatically checks the security properties of network devices and effectively maps security configuration controls to these enterprise endpoints to enforce proper configurations and report against FDCC requirements to prove compliance.
Lumension® Vulnerability Management solution includes
- Lumension® Patch and Remediation - Proactive management of threats through automated collection, analysis, and delivery of patches (all major operating systems and applications) across heterogeneous networks.
- Lumension® Scan - Complete network-based scanning solution enables assessment and analysis of threats impacting all network devices.
- Lumension® Security Configuration Management - Out-of-the-box regulatory and standards-based assessment to ensure endpoints are properly configured.
- Lumension® Content Wizard - Create custom remediation packages to address configuration issues, remove unauthorized files and applications, address zero-day threats, patch custom software and more.
By delivering a comprehensive vulnerability management solution that includes an SCAP Validated FDCC Scanner, Lumension enables federal agencies to:
- Manage Policy - Define, edit and import/export security configuration policies from SCAP documents
- Assess Policy - Assess and apply appropriate policies to applicable systems in a flexible manner
- Enforce Policy - Enforce and maintain required security configurations by automating the remediation process of non-compliant machines
- Report Policy Compliance - Report on policy compliance with required security configurations, including high level and detailed views of the enterprise endpoint configurations, such as total percent of compliant vs. non-compliant machines, detailed information on individual devices and many more