Re: [Fed-Talk] Filevault and FIPS
- Subject: Re: [Fed-Talk] Filevault and FIPS
- From: Allan Marcus <email@hidden>
- Date: Wed, 17 Dec 2008 11:42:34 -0700
Interesting. We did an evaluation of EBAN last month. We haven't
tested it on Intel Macs, but it's good to hear it works. That is
probably the solution we will go with.
---
Thanks,
Allan Marcus
505-667-5666
On Dec 17, 2008, at 10:27 AM, Taylor Armstrong wrote:
Just as a quick FYI on the secure wiping...
We've used DBAN (Darik's Boot & Nuke) on our Windows machines for
a while. Now that our Macs are Intel, DBAN works just fine, and has
a DOD-compliant 7 pass (or even the RCMP standard if you want it).
DBAN has an enterprise version (EBAN) which has full reporting
ability, drive s/n recording, etc. Might be worth looking into
for a cross-platform solution.
Taylor
Allan Marcus wrote:
That is the current status.
We at LANL have no choice. Since FileVault is not NIST validated,
we are looking at alternatives like CheckPoint (formerly PointSec).
There is a rumor that DOE has some sort of site license with
Checkpoint; I am working to find out more info.
We have a similar issue with secure erase. Apple secure file erase
will not meet DOE standards, so we are looking at ShredIt X. I've
spoken with the developer and he will be adding a DOE method to the
ways files can be securely deleted.
As for erasing a partition, we are looking at requiring a 7 pass
wipe, then a zero data wipe. The reason for the final wipe is
because DOE requires two wipes with random data then one wipe with
a known pattern. The final known pattern allows cyber forensics to
verify the erase. Again, neither Apple's secure file erase nor the
partition erase allow for this pattern. :-( I've opened tickets
with Apple tech support to have this changed, but I'm not hopeful.
---
Thanks,
Allan Marcus
505-667-5666
On Dec 16, 2008, at 2:24 PM, Simon, Gary wrote:
Has anyone heard of any further status of Filevault and FIPS-140
Certification? The NIST Modules in Process List dated 12/15/2008:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf
Still shows it IUT (Implementation Under Test).
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
W. Taylor Armstrong  email@hidden
NOAA's National Ocean Service, IT Support - AA/MB Team Lead
1305 East-West Highway, Silver Spring, MD 20910
Phone (301) 713-2644
http://nos.noaa.gov
IT Support Request Email: email@hidden
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
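
As an added illustration of the verification point in Allan Marcus's quoted message (not code from any poster, nor from DBAN, ShredIt X or Apple): a Python example that runs two random passes and then a zero pass over a disk image file, and checks every byte against the known pattern. After a random final pass no such check is possible, which is why the known-pattern pass comes last. The block size, function names and the constructed sample image are assumptions.

```python
import os
import tempfile

BLOCK = 4096  # I/O granularity (assumed value)

def wipe(path, pattern=b"\x00", random_passes=2):
    """Overwrite `path` in place: N random passes, then one known-pattern pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for p in range(random_passes + 1):
            final = p == random_passes
            f.seek(0)
            remaining = size
            while remaining:
                n = min(BLOCK, remaining)
                f.write(pattern * n if final else os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # force this pass out before the next one starts

def verify(path, pattern=b"\x00", max_report=10):
    """Return offsets of bytes that differ from the single-byte known pattern."""
    bad, offset = [], 0
    with open(path, "rb") as f:
        while chunk := f.read(BLOCK):
            if chunk != pattern * len(chunk):
                bad.extend(offset + i for i, b in enumerate(chunk) if b != pattern[0])
                if len(bad) >= max_report:
                    return bad[:max_report]
            offset += len(chunk)
    return bad  # empty list means the erase verified

def demo():
    """Wipe a constructed image, verify it, then simulate a missed byte."""
    with tempfile.NamedTemporaryFile(delete=False) as t:
        t.write(b"SENSITIVE" * 2000)  # constructed sample data
        path = t.name
    try:
        wipe(path)
        clean = verify(path)
        with open(path, "r+b") as f:  # simulate a location the wipe did not reach
            f.seek(5000)
            f.write(b"\x41")
        return clean, verify(path)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

Point it at a raw device or a whole-disk image rather than a file on a mounted filesystem, since overwriting a file does not guarantee the blocks that previously held its data are the ones rewritten.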