Re: [Fed-Talk] Filevault and FIPS
- Subject: Re: [Fed-Talk] Filevault and FIPS
- From: James Alcasid Veterans Affairs <email@hidden>
- Date: Wed, 17 Dec 2008 12:16:17 -0500
- Thread-topic: [Fed-Talk] Filevault and FIPS
Gary,
Interesting observation regarding CheckPoint. You may look into PGP Professional. They have a whole disk encryption product using modules that are FIPS 140-2.
From: "Simon, Gary" <email@hidden>
Date: Wed, 17 Dec 2008 11:59:56 -0500
To: "Marcus, Allan B. (LANL)" <email@hidden>
Cc: fed-talk <email@hidden>
Subject: Re: [Fed-Talk] Filevault and FIPS
We have been told by our Cyber Security folks that we cannot use CheckPoint due to the fact that it is an Israeli product. We have been looking at a Mac version of Credant, but my testing does not show it to be ready for prime time at this point. At this point I do not see a viable solution for disk encryption on the Mac that will meet the DOE requirements.
With the situation with cameras in all the new laptops and monitors (the display is a single unit and Holman’s cannot open it to disable the camera) and the lack of a disk encryption solution, I can foresee a ban on Mac laptops coming. I hope I’m wrong.
Gary
On 12/17/08 9:45 AM, "Allan Marcus" <email@hidden> wrote:
That is the current status.
We at LANL have no choice. Since FileVault is not NIST validated, we
are looking at alternatives like CheckPoint (formerly PointSec). There
is a rumor that DOE has some sort of site license with Checkpoint; I
am working to find out more info.
We have a similar issue with secure erase. Apple secure file erase
will not meet DOE standards, so we are looking at ShredIt X. I've
spoken with the developer and he will be adding a DOE method to the
ways files can be securely deleted.
As for erasing a partition, we are looking at requiring a 7 pass wipe,
then a zero data wipe. The reason for the final wipe is because DOE
requires two wipes with random data then one wipe with a known
pattern. The final known pattern allows cyber forensics to verify the
erase. Again, neither Apple's secure file erase nor the partition
erase allow for this pattern. :-( I've opened tickets with Apple tech
support to have this changed, but I'm not hopeful.
---
Thanks,
Allan Marcus
505-667-5666
On Dec 16, 2008, at 2:24 PM, Simon, Gary wrote:
> Has anyone heard of any further status of Filevault and FIPS-140
> Certification. The NIST Modules in Process List dated 12/15/2008:
>
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf
>
> Still shows it IUT (Implementation Under Test).
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden