FDCC/USGCB Support

Overview

The Federal Desktop Core Configuration/United States Government Configuration Baseline (USGCB) is a list of security settings recommended by the National Institute of Standards and Technology for computers that are connected directly to the network of a United States government agency.The purpose of the initiative is to create security configuration baselines for Information Technology products.

Feature Impact

UCMDB Web Interface. To establish a web connection with the UCMDB server, the Java Runtime Environment needs to be installed.

Infrastructure Activity. Using this activity to install or upgrade Universal Discovery Agents is not supported. Alternatively, use manual methods to deploy Universal Discovery Agent installation packages to nodes. For details, see How to Install the Universal Discovery Agent Manually.

How to Update Security Policy Settings for FDCC

This task describes how to make security policy configurations to ensure compliancy with the FDCC mandate after you manually deploy the Universal Discovery Agent.

  1. Allow firewall exceptions

    The FDCC security policy disables the Firewall Exceptions setting. Enable it either using local policy or domain policy by using the Group Policy Editor.

    1. Click Run and type gpedit.msc to open the Group Policy Editor.
    2. Select Local Computer Policy > Computer Configuration > Administrative Templates > Network >Network Connection > Windows Firewall > Standard Profile|Domain Profile.
    3. Double click "Windows Firewall- Do not allow exceptions".
    4. In the Properties dialog box, click Disabled.
  2. Create firewall exceptions

    The FDCC security policy disables the Firewall Exceptions setting. You must enable it either using local policy or domain policy by using the Policy Editor.

    1. Select Go to Local Computer Policy > Computer Configuration > Administrative Templates > Network >Network Connection > Windows Firewall > Standard Profile|Domain Profile.

      Note Paths may vary depending on the version of Windows.

    2. Double click Windows Firewall-Define the Inbound Program Exceptions.
    3. In the Properties dialog box, click Enabled.
    4. Click Show.
    5. In the Show Contents dialog box, create an entry for the Universal Discovery Agent. Follow the format conventions that are specified in the Options pane on the left side.

      Note Values vary depending on the configuration that you specified when deploying Scanners. The port number of the Universal Discovery Agent is 2738 or 7738. The path of the Universal Discovery Agent is <UDA_Home>\Micro Focus\Discovery Agent\bin32\discagnt.exe. For more information about Scanners and Scanner parameters, see Scanner Command Line Parameters Overview.

  3. Results

    Verify that the Universal Discovery Agent can communicate with the Data Flow Probe by invoking the Check Credentials option for any Universal Discovery Protocol credential. For more information, see <Protocol> Details Pane.

Related Topics Link IconRelated Information