RE: [Fed-Talk] DISA STIG for 10.5
- Subject: RE: [Fed-Talk] DISA STIG for 10.5
- From: "Coradeschi, Tom CIV USA" <email@hidden>
- Date: Thu, 16 Dec 2010 14:18:55 -0500
- Thread-topic: [Fed-Talk] DISA STIG for 10.5
Appreciate the comments. FYI, MAC means Mission Assurance Category
because that's what DoDI 8500.2 (E2.1.38) says it means.
http://www.dtic.mil/whs/directives/corres/pdf/850002p.pdf for more info.
Tom Coradeschi
Chief, Systems Engineering & Technology Integration Div
PM Maneuver Ammunition Systems
NIPR: email@hidden SIPR: email@hidden
973-724-4344 (ofc) 862-251-3089 (cell)
-----Original Message-----
From: fed-talk-bounces+tom.coradeschi=email@hidden
[mailto:fed-talk-bounces+tom.coradeschi=email@hidden] On
Behalf Of Todd Heberlein
Sent: Thursday, December 16, 2010 1:51 PM
To: Dan O'Donnell
Cc: email@hidden
Subject: Re: [Fed-Talk] DISA STIG for 10.5
On Dec 8, 2010, at 8:33 AM, Dan O'Donnell wrote:
> In case you are interested in reading (and commenting) on DISA's
> consideration of 10.5, here is their announcement of a draft STIG
> (Security Technical Implementation Guideline):
I was just browsing through this document (with my personal biases
turned on high :). I like that they produced this document for the Mac,
and it gives me a good idea of where their thinking is. Is it
traditional for some contractor to come out with an application to apply
these changes automatically?
Initial observations:
First, 10.5? Really? 10.6 has been out for more than a year.
Second, I don't think they test these things. For example, they provide
the audit settings
flags:lo,ad,-all,-fr,fd,fm,^-fa,^- fc,^-cl
But the auditing (last I checked) was completely broken on 10.5. These
settings pretty much do nothing, and at worst, provide a false sense of
security. If you want auditing, move to 10.6.
Third, in a computer security document, why did they need to redefine the
acronym MAC to mean something other than Mandatory Access Controls?
(They call it "Mission Assurance Category".) I think this is going to
lead to confusion down the road.
Fourth, there is a lot of stuff on changing permissions for directories
and files. I wonder if these get "re-fixed" by Apple every time software
updates are applied?
Any idea when one for 10.6 is coming out?
Todd
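
For readers of the archive, the following added example (not part of the thread and not taken from the STIG) expands the quoted `flags:` value into the event classes it selects for success and for failure, using the prefix rules documented in OpenBSM's audit_control(5) and the class names from audit_class(5). It assumes tokens are applied in order and that the stray space in the quoted value is ignored; `expand_flags` is a name chosen for this example.

```python
"""Expand a BSM audit_control 'flags:' value into per-class success/failure selection."""

# Audit classes as named in OpenBSM's audit_class(5) (short name -> description).
CLASSES = {
    "fr": "file read", "fw": "file write", "fa": "file attribute access",
    "fm": "file attribute modify", "fc": "file create", "fd": "file delete",
    "cl": "file close", "pc": "process", "nt": "network", "ip": "ipc",
    "na": "non attributable", "ad": "administrative", "lo": "login_logout",
    "aa": "authentication and authorization", "ap": "application",
    "io": "ioctl", "ex": "exec", "ot": "miscellaneous",
}

# Prefix -> (clear instead of set, touches success, touches failure).
PREFIXES = {
    "^+": (True, True, False), "^-": (True, False, True), "^": (True, True, True),
    "+": (False, True, False), "-": (False, False, True), "": (False, True, True),
}

def expand_flags(line):
    """Return (success, failure) sets of class names, applying tokens left to right."""
    value = line.split(":", 1)[1] if ":" in line else line
    success, failure = set(), set()
    for raw in value.split(","):
        token = "".join(raw.split())  # assumption: tolerate stray whitespace
        if not token:
            continue
        # Longest prefix first so "^-" is not read as "^" followed by "-fa".
        prefix = next(p for p in ("^+", "^-", "^", "+", "-", "") if token.startswith(p))
        name = token[len(prefix):]
        if name != "all" and name not in CLASSES:
            raise ValueError(f"unknown audit class: {name!r}")
        targets = set(CLASSES) if name == "all" else {name}
        clear, on_success, on_failure = PREFIXES[prefix]
        if on_success:
            success = success - targets if clear else success | targets
        if on_failure:
            failure = failure - targets if clear else failure | targets
    return success, failure

if __name__ == "__main__":
    # The flags value exactly as quoted in the message above.
    ok, fail = expand_flags("flags:lo,ad,-all,-fr,fd,fm,^-fa,^- fc,^-cl")
    for name in sorted(CLASSES):
        print(f"{name:3} {CLASSES[name]:34} "
              f"success={str(name in ok):5} failure={name in fail}")
```

The output shows only what the setting requests on paper; whether the audit subsystem on a given OS release honours it has to be checked against the trail itself.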