The United States Government Configuration Baseline - USGCB and FDCC Configuration Baselines

The USGCB supersedes the original FDCC and provides recommended configuration build-standards primarily to safeguard security. The security checklists formulated are published in the National Vulnerability Database (see http://web.nvd.nist.gov/view/ncp/repository)

“The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration mandate. The USGCB is a Federal government-wide initiative that provides guidance to agencies on what should be done to improve and maintain an effective configuration settings focusing primarily on security” source http://usgcb.nist.gov/

fdcc

Importantly the USGCB is always positioned as a recommendation for security settings but that each Agency is invited to implement a build standard with security settings that go beyond the USGCB. NNT Change Tracker Enterprise can directly utilize the OVAL and SCAP content from the NVD, providing an easy to use and highly affordable means to automatically audit devices for compliance with USGCB build standards. Reporting and monitoring templates are simple to modify where extended build standard requirements need to be incorporated.

Better still, Change Tracker will then continuously operate NIST 800-53 controls for ‘Software, Firmware and Information Integrity’, and ‘Configuration Management Policy and Procedures’. In addition, NNT Change Tracker is one of only a few products that have been Certified by the Center For Internet security for reliably and accurately auditing CIS Benchmark checklists.

Additional FDCC USGCB Resources

Compliance Blog - FDCC-USGCB