As many of us have seen, several companies have invested time and development cycles to provide products to the US government to meet the OMB requirements for FDCC implementation compliance. There are now nine vendors, including McAfee with Policy Auditor, that are certified within the SCAP program.
The one item that has not received the same press and focus as FDCC scanning and workstation compliance is the explicit definition stating: “The provider of information technology shall certify applications are fully functional and operate correctly as intended on systems using the Federal Desktop Core Configuration (FDCC).”
McAfee has not only certified Policy Auditor as an FDCC scanner, but has also incorporated the self-certification testing defined by OMB for all of our enterprise host-based security tools.
During our normal QA process, these products will be tested to ensure they maintain the integrity of the FDCC configurations. This will include the initial certification as well as the ongoing re-certification for major product releases.
This initiative, coupled with what we hope will be the same initiative from other application vendors, should add value to the FDCC directive for increasing workstation security in the federal government.
As one of the key security vendors to the US government with a full suite of security products and solutions, we see this self-certification requirement as necessary to help ensure our customers meet the full compliance measurements of FDCC.
For the complete definition of these requirements, you can see the OMB memorandum here: