Re: [Fed-Talk] Filevault and FIPS
Re: [Fed-Talk] Filevault and FIPS
- Subject: Re: [Fed-Talk] Filevault and FIPS
- From: Taylor Armstrong <email@hidden>
- Date: Wed, 17 Dec 2008 12:27:36 -0500
Just as a quick FYI on the secure wiping...
We've used DBAN (Derrick's Boot & Nuke) on our Windows machines for a
while. Now that our Macs are Intel, Dban works just fine, and has a
DOD-compliant 7 pass (or even the RCMP standard if you want it). Dban
has an enterprise version (Eban) which has full reporting ability,
drives s/n recording, etc.. Might be worth looking into for a
cross-platform solution.
Taylor
Allan Marcus wrote:
That is the current status.
We at LANL have no choice. Since FileVault is not NIST validated, we
are looking at alternatives like CheckPoint (formally PointSec). There
is a rumor that DOE has some sort of site license with Checkpoint; I
am working to find out more info.
We have a similar issue with secure erase. Apple secure file erase
will not meet DOE standards, so we are looking at ShredIt X. I've
spoken with the developer and he will be added a DOE method to the
ways file can be securely deleted.
As for erasing a partition, we are looking at requiring a 7 pass wipe,
then a zero data wipe. The reason for the final wipe is because DOE
requires two wipes with random data then one wipe with a known
pattern. The final known patter allows cyber forensics to verify the
erase. Again, neither Apple's secure file erase nor the partition
erase allow for this pattern. :-( I've opened tickets with Apple tech
support to have this changed, but I'm not hopeful.
---
Thanks,
Allan Marcus
505-667-5666
On Dec 16, 2008, at 2:24 PM, Simon, Gary wrote:
Has anyone heard of any further status of Filevault and FIPS-140
Certification. The NIST Modules in Process List dated 12/15/2008:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf
Still shows it IUT (Implementation Under Test).
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
W. Taylor Armstrong email@hidden
NOAA's National Ocean Service IT Support - AA/MB Team Lead
1305 East-West Highway Phone (301) 713-2644
Silver Spring, MD 20910 http://nos.noaa.gov
IT Support Request Email: email@hidden
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden