Ever heard of FDCC or SCAP?
If you work for or with the US federal government, you may have heard of the Federal Desktop Core Configuration (FDCC) program, as well as the Security Content Automation Protocol (SCAP). See these links for more information:
- https://csrc.nist.gov/fdcc/, which talks about the FDCC program.
- https://nvd.nist.gov/scap.cfm, which describes what SCAP is.
- https://www.microsoft.com/industry/government/federal/fdccdeployment.mspx, which shows how Microsoft Services can help you implement FDCC (using Microsoft Deployment Toolkit of course).
- https://blogs.technet.com/fdcc, the Microsoft Services FDCC team's blog, with all sorts of information about implementing FDCC.
My group, the Solution Accelerators Team, recently released a beta of a new tool that can also help with this: the SCAP Conversion Tool for DCM. See https://www.microsoft.com/downloads/details.aspx?FamilyID=22e5b9a0-fa7b-4d43-bcea-7084ae6f40f5&displaylang=en for the download. Basically, this tool will take an SCAP definition file and convert it into a Configuration Manager 2007 DCM configuration pack. Then you can use ConfigMgr to validate your compliance with the SCAP baselines.