The OMB previously issued a policy requiring agencies using or acquiring Windows XP and VISTA to adopt the Federal Desktop Core Configuration by February 1, 2008. This policy is consistent with 44 U.S.C. §3544(b)(2)(D)(iii) of the Federal Information Security Management Act of 2002, which requires agencies to ensure compliance with minimally acceptable security configurations when acquiring information technology. This policy does not, however, limit selection and acquisition to only information technology with established security configurations (e.g., the Federal Desktop Core Configuration).
When acquiring information technology it is important that agencies make use of adequate competition and maintain vendor neutral capital planning and control procedures. The effective use of competition reduces the risk of poor contract execution and yields better value at lower prices. OMB Circular A–11 and OMB Circular 130, as well as the Federal Acquisition Regulation (FAR), guide agency information technology investment decisions. These policies are intentionally technology and vendor neutral, and to the maximum extent practicable, agency implementation should be similarly neutral.