Re: [Fed-Talk] [Announce] iOS 5 - Security Configuration Recommendations - Posted at NSA
- Subject: Re: [Fed-Talk] [Announce] iOS 5 - Security Configuration Recommendations - Posted at NSA
- From: "Link, Peter R." <email@hidden>
- Date: Tue, 15 May 2012 06:51:54 -0700
Shawn,

The SCAP content showed up as of this morning. It includes OVAL and XCCDF but nothing else. I understand this is just the beginning but is this the extent of the pieces that will be provided and needed? It looks like the OVAL content is only using the plist test method. Is this enough to validate settings for everything?

From the looks of it, these checks are being made against a configuration file residing on a host computer or MDM server. Is that correct? If so, any possibility of testing the actual device? Will that be necessary or does NSA feel an installed configuration is sufficient to demonstrate compliance? (This would be nice if they felt this way and auditors agreed.)
Are you/Apple/NSA also working on providing USGCB configurations for iOS5? I don't want to get too far ahead but noticed the XCCDF content had rules for BYOD (ugh!) and Enterprise so a federally-approved baseline configuration wouldn't be out of the question.
Thanks and I will also be watching for an announcement on the 10.7 security guide and the beginning of SCAP content for it. ;-)
On May 14, 2012, at 12:43 PM, Shawn Geddis wrote:

Fed-Talk members,
You now also have available to you the "iOS 5 Security Configuration Guidance" retrievable directly from NSA’s IA website for Operating Systems:
The posting includes a link to “Associated SCAP Content” as well (but it looks like the current link is broken - their folks have been notified).
As has been the case over the years with OS X, the first version of the iOS platform guidance has been both branded and posted directly by NSA as a result of guidance collaboration between our two organizations. This will be posted at http://www.apple.com/support/security/guides/ as well. Moving forward, the guidance will be branded under Apple, but will still result as a byproduct of continued guidance collaboration between our organizations.
Collaboration and posting of SCAP content is the direction moving forward, so keep a lookout for more information on SCAP on Apple.
- Shawn
________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden