Re: [Fed-Talk] FIPS 140-2 Administration Tools Package Available
- Subject: Re: [Fed-Talk] FIPS 140-2 Administration Tools Package Available
- From: Robert Jacobson <email@hidden>
- Date: Tue, 15 May 2012 12:10:38 -0400
On 5/11/2012 4:02 PM, Shawn Geddis (geddis-at-apple.com) wrote:
[snip]
After any OS X Lion System and/or Security update, the Crypto Officer must either 1) run the FIPS Administration installer again or 2) run the FIPSPerformSelfTest create command. This step is necessary to update the Error Detection Code (EDC) for the integrity validation of the PRNG during the Power On Self Test.

Just to make sure I understand this:
So, for any FIPS-compliant Apple system, this seems to imply that
you can no longer simply use "Software Update" to update your Macs.
i.e. you have to run a command after the security update, and
Software Update does not provide a time to do that.
*If* that's true, would it be possible for one to set up a
post-update script somehow? Maybe even build a test for this in
every security update from Apple? i.e. all security updates from
Apple should check if FIPS is enabled, and if so run the FIPS
self-test command?
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Robert Jacobson
Lead System Admin Solar Dynamics Observatory (SDO)