The United States Government Configuration Baseline (USGCB) – which emerged from the Federal Desktop Core Configuration (FDCC) – was developed by the National Institute of Standards and Technology (NIST), the Department of Defense (DoD), and the Department of Homeland Security (DHS). It provides a set of security configuration standards by which all federal agencies must adhere to as mandated by the Office of Management and Budget (OMB). USGCB is designed to provide federal agencies with configuration criteria by which to measure and remediate the IT endpoint assets within under their purview.

USGCB compliance is intended to reduce costs for both the deployment and management of desktop systems, as well as enable more consistent and better documented security. It requires specific reports be generated by every federal agency to demonstrate compliance. Lumension enables agencies to comply with USGCB standards by providing a Security Content Automated Protocol (SCAP) validated USGCB scanner that assesses, standardizes and reports against required configurations.

Securing Endpoint Configurations and Enabling USGCB Compliance

Lumension® Endpoint Management and Security Suite (L.E.M.S.S.) unifies the functions of IT operations and security through a single console, server, and agent architecture to seamlessly and more effectively address IT risk and systems management requirements across the agency. L.E.M.S.S. provides a defense-in-depth approach to IT security, protecting against wide variety of threat vectors, including advanced persistent threats (APTs).

Lumension solutions ensure that agency endpoint configurations are compliant with the standards outlined in the USGCB by importing SCAP policy templates, running network and agent-based scans, enforcing policy and providing network-wide reports. L.E.M.S.S. automatically checks the security properties of network devices and effectively maps security configuration controls to these agency endpoints to enforce proper configurations and report against USGCB requirements to prove compliance.

The Lumension® Endpoint Management and Security Suite includes several modules which support USGCB compliance:

  • Lumension® Patch and Remediation – Proactive management of threats through automated collection, analysis, and delivery of patches (all major operating systems and applications) across heterogeneous networks.
  • Lumension® Security Configuration Management – Out-of-the-box regulatory and standards-based assessment to ensure endpoints are properly configured.
  • Lumension® Content Wizard – Create custom remediation packages to address configuration issues, remove unauthorized files and applications, address zero-day threats, patch custom software and more.

By delivering a comprehensive vulnerability management solution that includes a SCAP-validated USGCB scanner, Lumension enables federal agencies to:

  • Manage Policy – Define, edit and import/export security configuration policies from SCAP documents.
  • Assess Policy – Assess and apply appropriate policies to applicable systems in a flexible manner.
  • Enforce Policy – Enforce and maintain required security configurations by automating the remediation process of non-compliant machines.
  • Report Policy Compliance – Report on policy compliance with required security configurations, including high level and detailed views of the agency endpoint configurations, such as total percent of compliant vs. non-compliant machines, detailed information on individual devices and many more.