By “exemption,” I assume Michael officially means EXCEPTION
(which requires “acceptance of risk,” ***IN WRITING*** –
signed/faxed/filed from a govvie in authority representing the data owner).
Furthermore, if you broaden the definition from anti-virus to anti-malware,
then it gets even worse (Gold-Disk/DISA SRR expects and evaluates Anti-Spyware as
well).
On the bright side, justification for lack of
8500/5200-defined controls is usually doable if you can demonstrate to your
govvie/sponsor that the STIG-shortcoming is (a) required to accomplish the
task/function defined under contract, and (b) not a threat to the C/I/A (Confidentiality/Integrity/Availability).
I wish somebody from Apple would figure out sooner than later
that “We’re immune because we’re not Windows” ain’t
gonna cut it.
I like MacOS, but the Apple folks MUST get with the program, or
they WILL be shut out.
- PT
From: Ron Colvin [mailto:email@hidden]
Sent: Friday, April 25, 2008 3:02 PM
To: email@hidden
Subject: Re: [Fed-Talk] Someday is here UNCLASSIFIED (UNCLASSIFIED)
Michael wrote:
On Apr 25, 2008, at 2:30 PM, Traynor, Paul I wrote:
> Actually, both NISPOM and DIACAP do require anti-virus software for
> all systems, including Macs.
All Linux and Unix systems too? They have a lot of systems with some
type of exemption, the ones I know about just aren't desktop or laptop
systems and they are both unclassified and classified systems. The
ones I'm thinking of are things like the high performance systems at
the Army Research Laboratory for example. SGI Altix's, Networx
systems, and others.
NIST Security Plan common
controls reference malware prevention. Many Agencies specify Anti-Virus across
the board as a security measure for compliance sake.
--
***************************************************************
Ron Colvin
Enterprise Integration Engineer Code 700
DCSE Code 100 & 110
NASA - Goddard Space Flight Center
<email@hidden>
Direct phone 301-286-2451
NASA Jabber (email@hidden) AIM rcolvin13
NASA LCS (email@hidden)
****************************************************************