[Fed-Talk] Fed-Talk monthly FAQ
[Fed-Talk] Fed-Talk monthly FAQ
- Subject: [Fed-Talk] Fed-Talk monthly FAQ
- From: Rex Sanders <email@hidden>
- Date: Wed, 30 Sep 2009 18:00:00 -0700
Comments, corrections, additions welcome.
-- Rex Sanders, USGS
rsanders ---at--- usgs.gov
Fed-Talk mailing list
Frequently Asked Questions
Emailed monthly to fed-talk ---at--- lists.apple.com.
Last update: September 24, 2009.
Contents:
----- How can I get on or off the Fed-Talk mailing list?
----- How can I search the Fed-Talk archives before mailing my question to the entire list?
----- How can I browse the Fed-Talk archives?
----- Why doesn't Apple support the Enterprise market?
----- How can Apple sell Macs (or iPhones) to the Government when they don't do "Z"?
----- How can I ask Apple to support Z?
----- How can I get my CAC card to work with Login, Mail, Entourage, Notes, ...?
----- Where can I find Mac OS X security guidelines or STIGs?
----- Where can I find iPhone security guidelines or STIGs?
----- Where is Apple's iPhone security guide?
----- What is the Army Golden Master? What is it's status?
----- What is FDCC? Where is the Mac OS X FDCC?
----- How do I meet the OMB M-06-16 requirement for encryption on Mac OS X?
----- How can I buy Apple products for the Federal Government?
----- How can I buy Macs without cameras, Bluetooth, or WiFi hardware?
----- Can't you disable cameras, Bluetooth, or WiFi with software, duct tape, SuperGlue, etc.?
----- How can I make iTunes iPhone app purchases using a Government charge card, without paying sales tax?
----- Can I buy Apple products for personal use with a discount?
----- Does Apple have a web site for Federal Government customers?
==========
----- How can I get on or off the Fed-Talk mailing list?
See the footer in every Fed-Talk message.
See also http://lists.apple.com/mailman/listinfo/fed-talk
Do not send subscribe or unsubscribe requests to the entire list.
----- How can I search the Fed-Talk archives before mailing my question to the entire list?
In theory you can use Apple's mailing list search engine from the Fed-Talk home page:
http://lists.apple.com/mailman/listinfo/fed-talk
In practice, Google works much better:
http://www.google.com/search?q=site:lists.apple.com+Fed-Talk
----- How can I browse the Fed-Talk archives?
http://lists.apple.com/archives/Fed-talk
----- Why doesn't Apple support the Enterprise market?
Apple is primarily a Consumer company, and is not focused on Enterprise or Federal Government issues. Apple does support the Enterprise market, just differently from other IT vendors. Attend WWDC to get some idea of the scope and depth of Apple's support for the Enterprise market.
Probably what concerns you is support for your favorite Enterprise-like feature, service, or process.
----- How can Apple sell Macs (or iPhones) to the Government when they don't do "Z"?
The Federal Government is a large, diverse market. Just because Z is required in your part, doesn't mean Z is required in every part. Just because OMB/NIST/... requires Z for the entire Government, doesn't mean Z is being enforced everywhere uniformly. Apple manages to sell plenty of Macs and iPhones to many parts of the Federal Government without Z. Please make clear in your messages that *your part* of the Government requires Z now.
For "Z", substitute your favorite feature, service, or process.
----- How can I ask Apple to support "Z"?
- Contact your agency's Apple sales rep, who will probably tell you to ...
- Get a free Apple Developer Connection account at http://developer.apple.com. Post a detailed request on http://bugreport.apple.com. Indicate approximately how many Macs are affected. Be realistic, and report numbers only for your part of the Government. Report the bug number to your Apple sales and engineering reps. Yes, reporting a feature request through the bug tracking system is the correct method. You should get a reply from Apple. You won't always get a reply you like.
- Send email to feedback ---at--- apple.com. You are not likely to get a reply from Apple.
- Posting your request on Fed-Talk will not work. You might get sympathy from other list members.
----- How can I get my CAC card to work with Login, Mail, Entourage, Notes, ...?
Try these instructions:
https://sites.google.com/a/compsolve.net/mac-cac/
Also try these Entourage instructions:
http://lists.apple.com/archives/fed-talk/2009/Jul/msg00002.html
----- Where can I find Mac OS X security guidelines or STIGs?
Your best source is within your part of the Federal Government. If you can't find one ...
Apple Security Guides:
http://www.apple.com/support/security/guides/
Center for Internet Security:
http://www.cisecurity.org/bench_macosx.html
http://www.cisecurity.org/tools2/osx/CIS_MacOSX_10.5_Benchmark_v1.0.pdf
You should not adopt these guides wholesale, they are the starting point for a STIG (Security Technical Implementation Guide) specific to your part of the Government.
Snow Leopard (Mac OS X 10.6) security guides will likely take several months to appear from these sources. Until then, you are on your own.
----- Where can I find iPhone security guidelines or STIGs?
Your best source is within your part of the Federal Government. If you can't find one ...
iPhone OS 2.2.1:
Center for Internet Security (under Mobile Devices near the bottom):
http://www.cisecurity.org/benchmarks.html
http://www.cisecurity.org/tools2/iphone/CIS_iPhone_2.2.1_Benchmark_v1.0.0.pdf
Or possibly this one for iPhone OS 3.1 with MMS:
http://lists.apple.com/archives/Fed-talk/2009/Sep/msg00200.html
You should not adopt these guides wholesale, they are the starting point for a STIG (Security Technical Implementation Guide) specific to your part of the Government.
----- Where is Apple's iPhone security guide?
Not available at this time.
----- What is the Army Golden Master?
AGM is a standard, secure Windows or Mac OS X image for the Army, preloaded with approved applications. AGM is shipped on Mac purchases from the Army's Consolidated Buy
https://chess.army.mil/ascp/commerce/consolidatedBuy/index.jsp
----- What is FDCC? Where is the Mac OS X FDCC?
The Federal Desktop Core Configuration is a project to create and use standard, secure configurations for Federal desktop computers. http://fdcc.nist.gov
FDCC configurations for Windows XP and Vista have been released and widely implemented.
Mac OS X FDCC development is in progress. No ETA.
---- How do I meet the OMB M-06-16 requirement for encryption on Mac OS X?
You mean the one we were supposed to have fully deployed by August 7, 2006? You need encryption using FIPS 140-2 validated cryptographic modules.
http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-16.pdf
Some parts of the Government have approved interim or final encryption methods for Mac OS X. Ask your security people.
Apple is in progress to get FIPS 140-2 validation for Mac OS X security modules. No ETA. Filevault or Disk Utility encrypted disk images might meet your needs for interim encryption.
Some third party products support FIPS 140-2 validated encryption for Mac OS X.
According to http://lists.apple.com/archives/fed-talk/2009/Aug/msg00058.html
"A short list of the top three _who work very closely with Apple_ are:"
CheckPoint - PointSec PC for Mac
http://www.checkpoint.com/products/datasecurity/pc/
PGP - Whole Disk Encryption
http://www.pgp.com/products/wholediskencryption/
WinMagic - SecureDoc
http://www.winmagic.com/products/full-disk-encryption-for-mac
WinMagic SecureDoc is available on the GSA/DOD Data At Rest BPA
http://www.gsa.gov/Portal/gsa/ep/contentView.do?contentType=GSA_BASIC&contentId=23172
Other vendors may have FIPS 140-2 validated encryption products for Mac OS X, including encrypted disk drives and flash drives.
Ask potential vendors for their specific FIPS 140-2 certification number for that particular Mac OS X product. Then check the NIST list of validated modules:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
Some vendors confuse using a FIPS 140-2 accepted algorithm (e.g. 3DES, AES), with having a FIPS 140-2 validated solution. Writing buggy encryption software is easy. Getting FIPS 140-2 validation is hard. Caveat emptor.
----- How can I buy Apple products for the Federal Government?
Follow the purchasing rules for your part of the Government - every part is different. Some sources that might be available to you include:
- Apple online store for Government charge card purchases
http://www.apple.com/r/store/government/smartpay.html
- Apple GSA schedule and other major Federal contracts:
http://www.apple.com/r/store/government/reseller.html
- Apple resellers on GSA schedule:
https://www.gsaadvantage.gov
- NASA SEWP:
http://sewp.nasa.gov/
- Army CHESS Consolidated Buy
https://chess.army.mil/ascp/commerce/consolidatedBuy/index.jsp
----- How can I buy Macs without cameras, Bluetooth, or WiFi hardware?
Two Apple resellers are authorized to remove these devices from Macs before shipping them to you:
- Holman's http://www.holmans.com
- Intelligent Decisions http://www.intelligent.net
These modified Macs must be serviced by these resellers under Apple warranty or AppleCare. You cannot send modified Macs directly to Apple for warranty or AppleCare repair.
----- Can't you disable cameras, Bluetooth, or WiFi with software, duct tape, SuperGlue, etc.?
Yes. However, some parts of the Federal Government require removal of the offending parts.
----- How can I make iTunes iPhone app purchases using a Government charge card, without paying sales tax?
Move to a state without sales tax?
Apple knows this is a problem. At this time, the only solution is to make the purchase with sales tax, then contact your Apple sales rep to get the tax removed after the fact. Yes, that's a lot of work to remove a few cents from a 99 cent purchase.
----- Can I buy Apple products for personal use with a discount?
Apple offers a Federal Employee Purchase Plan, with discounted prices on many items, for all Federal Employees. Apple offers similar plans to many other large corporations. Yes, this is legal. http://www.apple.com/r/store/government/epp.html
Some Fed-Talk readers report better discounts, and no sales tax collection, purchasing through Amazon. Caveat emptor.
----- Does Apple have a web site for Federal Government customers?
http://www.apple.com/federal
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden