Federal agencies miss deadline on secure configs
Robert Lemos, SecurityFocus 2008-02-04

Story continued from Page 1

The Office of Management and Budget is currently evaluating reports submitted by federal agencies and could not yet give an estimate of the degree to which companies have met the requirement, an OMB representative told SecurityFocus. Agencies have until the end of March to submit their compliance reports and highlight issues that need to be resolved.

Securing government systems has become a major focus of some members of Congress following successful attacks that stole sensitive data from the Departments of State, Commerce, Energy, Homeland Security and Defense, among others. While the overall grade on an annual computer security report card mandated by the Federal Information Security Management Act (FISMA) has slowly crept higher, many agencies still fail the annual compliance exercise.

The Federal Desktop Core Configuration may do a more effective job of bettering basic security practices among agencies, said Jim Hansen, senior product manager for configuration management firm BigFix.

"Agencies have been failing FISMA for years, and what has happened? Not much," Hansen said. "A slap on the wrist, a newspaper article, and that's it."

With the FDCC, government agencies will be required to maintain systems with specific settings, and third-party application makers will have to make sure that their software works under the more secure settings. As a result, the systems will be better managed and more secure, Hansen said.

"Any time that you more securely configure your systems, you are going to be less impacted by a breach," he said.

The focus on securing Windows systems has increased pressure on software vendors to better secure their applications and make certain that the applications work without the end user running in Administrator mode on Windows. Most government agencies are delaying the move to Windows Vista until vendors demonstrate a working FDCC-compliant system, according to a recent post on security firm Tenable's blog.

In the end, the federal government's focus on security should result in applications and operating systems that work better in more secure configurations, said Bruce Schneier, chief technology officer for managed security provider BT Counterpane.

"This is government using its buying power," Schneier said. "By forcing companies to make better software with more reliability, we all benefit."
