Federal Desktop Core Configuration (FDCC) and United States Government Configuration Baseline (USGCB) Compliance

What is FDCC?

The Federal Desktop Core Configuration (FDCC) from the Office of Management and Budget (OMB) defines a standardized desktop configuration for Windows PCs in the Federal government to improve security.

What is USGCB?

The United States Government Configuration Baseline (USGCB) initiative evolved from the FDCC mandate to create security configuration baselines for the next evolution of Information Technology products widely deployed across the federal agencies (i.e Window 7, Windows & Firewall, Internet Explorer 8, etc.).

How Rapid7 Helps

Rapid7 Nexpose^®   is an SCAP-validated and FDCC certified tool, which allows organizations to scan their systems against specific configuration policies and security controls as mandated by the OMB through NIST.

Nexpose automatically identifies exploitable vulnerabilities and misconfigurations, providing unparalleled auditing and reporting capabilities to determine if a target system meets FDCC or USGCB compliance requirements. 

Federal agencies can leverage Nexpose's customizable executive reports summarizing risk by business area, assets and services; remediation reports with detailed steps for network administrators; and regulatory compliance and policy violation reports. Nexpose also provides trend reports to monitor progress and real-time notification when non-compliant configurations are discovered. In addition, Nexpose creates XCCDF reports as required by FDCC and USGCB for submission to the OMB.

Contact us to find out more about how Rapid7 can help you leverage open standards to build your on-going security risk management practices using Rapid7 Nexpose as your FDCC/USGCB SCAP-validated vulnerability management solution.