[LINK] $65bn for a Vista SOE!

COLLETT Martin Martin.COLLETT at publicworks.qld.gov.au
Mon Apr 2 18:21:38 AEST 2007


Greetings All,

 

A change of pace with another round of exciting USA news..

http://www.theregister.co.uk/2007/03/22/us_common_security_config/

 

It looks like the USA is making a stand and dictating how and which
vendors can deal with them.

The old saying of "Put up or Shut up" comes to mind.

Shame that it has to be initiated around M$ Vista... and for what looks
like a $65bn SOE!

 

Another interesting point is the reference back to Common Criteria.

Isn't this why Common Criteria was initiated?

 

Regards,

Martin Collett | Strategic Technology Architect | Dept of Public Works 
P:    (07) 3235 9369
M:   (0419) 554 558
E:    Martin.Collett at qld.gov.au

 

<snip> 

Feds mandate 'secure' Windows set-up

Changes in US government purchasing policies due to come into effect
this summer could have a huge effect on computer security, particularly
for Windows desktops.

A White House directive to federal chief information officers issued
this week calls for all new Windows PC acquisitions, beginning 30 June,
to use a common "secure configuration". Applications (such as
anti-virus, email etc) loaded onto systems remain flexible but what will
be specified are the registry settings and which services would be turned
on or off by default.

Even more importantly, the directive calls for suppliers (integrators
and software vendors) to certify that the products they supply operate
effectively using these more secure configurations.

The federal government scheme builds on the "comply or don't connect"
program of the US Air Force. The principal targets are Windows XP and
Vista client systems but the same ideas might be applied in Unix and
Windows Servers environments over time. The schedule for introduction
gives application developers building applications for Windows Vista to
test against. The incentives for developers to get this right will be
huge.

"No Vista application will be able to be sold to federal agencies if the
application does not run on the secure version of Vista," explained Alan
Paller, director of research at The SANS Institute. "XP application
vendors will also be required to certify that their applications run on
the secure configuration of Windows XP."

Common, secure configurations reduce the effort required to patch
systems. Such configurations directly block certain modes of attack.
Improved security is likely to save money for application developers and
integrators because it reduces support costs in the long-run, Paller
told El Reg. "Organizations that have made the move report that it
actually saves money rather than costs money."

"The principal frustration has been you can't always patch systems
quickly because they might break applications. Software developers point
out that they can't test against every different configuration a user
might have. From summer developers will be able to make sure their
patches work on more securely configured systems, reducing the patching
headache and saving costs," he explained.

The purchasing power attached to the $65bn federal IT spending budget
means that suppliers will have no choice but to take notice. Paller said
the scheme is likely to be adopted by large organisations outside
government.

Kit purchased by governments needs to meet common criteria standards and
this will remain the case even after the new programme kicks off in the
summer. Paller said that common criteria is a measure of the design
documentation of products. "This, on the other hand, specifies that the
kit will be set up in the right way. The two approaches are
complementary but different," he added.

 

