Microsoft and CESG have worked together on a collaborative project to produce a best practice framework for configuring Windows 7 for its use within UK Government, taking account of the increased threat and risk that a government department faces. This guidance is called the Government Assurance Pack (GAP) for Windows 7.
Examination of Windows 7 has enabled the development of a UK Government specific configuration of Windows 7 combining tailored group policy with Microsoft best-practices. Close working enabled by the Microsoft Government Security Programme (GSP) has allowed CESG and Microsoft to collaborate on this lockdown building on previous work on Windows Vista and Windows XP GAP lockdowns. Feedback from those previous versions has allowed the collaboration to develop a secure configuration using new features and security configurations in Windows 7 that have minimal impact on the user experience.
The GAP provides a common starting point for departments or their system integrators to build a more secure workstation environment. The configuration is primarily aimed at central government departments however its guidance can be adapted to suit the range of threat scenarios faced across UK government. As the GAP uses the configuration of existing capabilities within Windows 7, it is fully supported by Microsoft.
In terms of security then the following Windows 7 features are significant:
To obtain the GAP and BitLocker Guidance a UK Government department or agency must ask for it via their CESG contact. The documentation and configuration packs are only available from CESG to UK Government directly – third parties contracted to implement government systems should obtain the guidance through their sponsoring department or agency. Guidance is also available to CESG Listed Advisor Scheme (CLAS) consultants.
Microsoft can also offer a consulting engagement to support Windows 7 GAP deployments and for more information please email firstname.lastname@example.org
Posted by Dan