What SCAP deadline?
- TAGS:FDCC, FISMA, Lumension, SCAP, security
- IT TOPICS:Applications, Desktop Apps, Government & Regulation, Management, Security, Windows
 Groundhog's Day is almost here. But it won't just be Punxsutawney Phil who'll be raising his furry head. Beginning in February, auditors from the U.S. Inspector General's Office will begin popping up in government CIOs offices and asking whether they've implemented the Security Content Automation Protocol (SCAP) as part of the effort to prove compliance with the Federal Desktop Core Configuration (FDCC) settings, which was a result of the Federal Information Security Act (FISMA) of 2002. SCAP is a standard, machine-readable approach to automate the assessment of Windows desktops and laptops to assure that the machines are properly patched, have the right anti-virus software and use strong passwords.
At least one vendor doubts many of those government CIOs will be handing the auditors a complete report on their progress toward an FDCC-ready world. According to Steven Antone, vice president federal solutions group for Lumension Security Inc. in Scottsdale, Az., "They'll have difficulty meeting the deadline." Despite the likelihood auditors will not sign off on millions of government PCs, Antone doesn't think the CIOs will get in immediate hot water. That will come in 2010 when, he says, FISMA provisions kick in. By then, Antone speculates, "the OMB will put teeth into the mandate and start hacking budgets." What's the holdup? Everything from late changes to specifications, IT learning curves, establishing standards for waivers and the sheer number of PCs involved.
Free Insider Guide