Re: [Fed-Talk] Question on Mac approval
- Subject: Re: [Fed-Talk] Question on Mac approval
- From: Peter Thoenen - NOAA Federal <email@hidden>
- Date: Wed, 28 Aug 2013 11:52:58 -1000
> Does the Air Force demand strict adherence to the STIG? We use Macs
> running 10.8 in the Navy. Sure, they technically cannot be
> "STIG compliant" because there is no STIG, but everyone knows it takes
> DISA months upon months to come out with a STIG, and
> they're always going to be behind Apple's release cycle. So far, there
> has been no "You WILL meet every item in the STIG, or else."
> And if there was, there'd be a huge pushback… "OK, tell us how."
While not the DOD answer, your answer runs afoul of NIST SP 800-53 CM2 and
NIST SP 800-70 (both of which DOD use to develop their own guidance). It's
not about meeting EVERY STIG item but using an NCP (which the STIG is a
subset of) applicable to your product.
Outside the policy world there are real security reasons for this.
Following a Windows 2000 security guide for a Windows 2012 system will leave
your W2K12 instance insecure. While I'm not an Apple SME, there is always
the real chance Apple made changes at some weird only a Tier 1 SME would
notice file perm / kernel level (i.e. maybe an obscure file perm default
changed) and often those changes are to make systems LESS secure (because of
home user complaints). Basically it's a bad idea and the answer to users is
"too bad" as unpalatable as that is :) [and no I'm not saying we aren't
immune from those same pressures over here at NOAA :]
YMMV as I left DoD back in '09 so not sure their current guidance on any of
this stuff especially with 800-53 rev4 out and the supposed (finally)
merging of DoD DIACAP process with the rest of the Federal Government's NIST
A&A process :)
-Peter
PS: You can get NEW Macs w/ 10.6 still .. we do.