Baseline Configuration of Computer Equipment at the NCI-Frederick

Overview of the Baseline Configuration Process:

  • Authorized employee submits a Purchase Request to the Purchasing Department.
    • All IT Equipment must be purchased via a Purchase Request.
    • Hint: C&SS will contact the person listed as the “Deliver To” when configuring the system.
    • Waivers for “Special Use Computers” should be submitted concurrently with submission of the Purchase Request.
  • Manufacturer delivers equipment to Central Receiving.
    • All equipment must be delivered to Central Receiving, Building 1050.
  • ALS staff records equipment information in the Property Accountability System.
  • ALS staff delivers equipment to C&SS Central Configuration, Building 1050.
  • C&SS Staff formally receives equipment.
    • Equipment entered into Service Desk system for employee listed as delivery point.
    • Online Tracking Number e-mailed to employee listed as delivery point.
    • C&SS staff contacts employee listed as delivery point to ascertain any additional work requested (additional software installations, configuration preferences, etc.) or arrange for delivery of “Special Use Computers” (see below).
  • For all other equipment, C&SS performs Baseline Configuration Activities (detailed below).
  • C&SS records work performed in Service Desk system.
  • C&SS arranges for delivery of equipment to delivery point.
  • Employee listed as delivery point formally accepts receipt of equipment.
    • C&SS documents receipt by employee listed as delivery point in Service Desk System.
    • Employee listed as delivery point notified of request completion by e-mail.

Process Diagram…

Waiver for Special Use Equipment:
Program areas may request to configure special-use computers directly by completing a “Baseline Configuration Waiver.” “Special Use Equipment” may be a system connected to scientific equipment, or may be a computer intended to be used as a production server.

The “Waiver for Special Use Equipment” will be signed by a representative of the NCI-Frederick Office of Scientific Operations. Upon receipt of the waiver, C&SS will arrange for delivery to the recipient program area.

Note: all systems must be verified for compliance with applicable security policies by C&SS before the equipment is placed into service.
Waiver Form TBD …

| Baseline Activity | Authority / References | Current Approach | Planned Approach |
|---|---|---|---|
| Installation of Operating System | NIH Initial Security Configuration Policy | Manual and Scripted Installations | Hardware Independent Provisioning via Cross Platform ITAM System |
| Application of Federal Desktop Core Configuration (for Desktops) | OMB M-07-11, Implementation of Commonly Accepted Security Configurations for Windows Operating Systems; HHS FDCC Standard | Windows Only: Applied via GPO or Manual Process | Applied to Windows, OSX and supported Linux Desktops Automatically via GPO |
| Application of Minimum Security Configuration (for Servers) | HHS Security Configuration Standards | Applied via Manual Process by Local IT Staff (with Waiver) | Applied via GPO or Manually by Local IT Staff (with Waiver) |
| Installation and Configuration of Centralized Anti-Virus | NIH Automatic Update of the Anti-Virus Software Policy; Memorandum from Dr. Craig Reynolds | Windows: NCI-F McAfee EPO Service; OSX: | Windows: NCI-F McAfee EPO; OSX: |
| Installation and Configuration of Centralized Patch Management | NIH Patch Management Policy; Memorandum from Dr. Craig Reynolds | Windows: NCI-F WSUS Service; OSX: Apple Update; Linux/Unix: Not Centrally Supported | Cross Platform ITAM System for NCI-F |
| Whole Disk Encryption for Laptop Computers (with Centralized Key Management) | HHS Laptop Encryption Policy; NIH Initial Security Configuration Policy | Windows: NCI-F PointSec; OSX: FileVault | Windows, OSX: COTS Whole Disk Encryption Solution |
| Installation and Configuration of ReachPlus Communication Tool | Memorandum from Dr. Craig Reynolds | For Windows-based Desktops Only | For Windows-based Desktops Only |
| Installation and Configuration of Client for Centralized Asset Management | NIH Initial Security Configuration Policy | Manual Audit of Systems | Cross Platform ITAM System for NCI-F |
| Register Computer in NIH AD Container | NIH Active Directory Architecture Standards | Selective Inclusion during NCI-F AD Consolidation Period | Fully Consolidated NCI-F AD |