Re: [Fed-Talk] Question on Mac approval
- Subject: Re: [Fed-Talk] Question on Mac approval
- From: "Edgell, Joe" <email@hidden>
- Date: Thu, 29 Aug 2013 17:54:16 +0000
- Thread-topic: [Fed-Talk] Question on Mac approval
> After all, it is mathematically impossible to make a "secure computer"
> that is invulnerable to all threats.
Well, if it's unplugged and turned off it's pretty secure. :-)
Hi all,
As I was reading this thread, I was getting that "oh here we go again."
To answer the original question, the Snow Leopard STIG published by DISA is a good start. What makes sense is if a NIST or Apple recommendation overrides the published STIG, then chances are the more up-to-date information is more applicable to current threats.
The mere notion of computer security is a dependency on present threats and statistics. After all, it is mathematically impossible to make a "secure computer" that is invulnerable to all threats. All we can do is reduce the chances of damage, while enabling the customer (aka the users) to do their jobs. If we get to the point of saying too bad, I hope capitalism is alive and well enough to have a provider that allows the customer to prove such ideas wrong.
V/R,
Daniel Beatty, Ph.D.
Computer Scientist
Code 474300D
1 Administration Circle. M/S 1109
China Lake, CA 93555
email@hidden
(760)939-7097
-----Original Message-----
From: fed-talk-bounces+daniel.beatty=email@hidden [mailto:fed-talk-bounces+daniel.beatty=email@hidden] On Behalf Of Disiena, Ridley (GRC-VG00)[DB Consulting Group, Inc.]
Sent: Thursday, August 29, 2013 9:31 AM
To: Moore, Dallas
Cc: Apple Fed-Talk List
Subject: Re: [Fed-Talk] Question on Mac approval
Which is odd considering the number of Macs rumored to be used by NIST, but of course that is arbitrary and only an amusing factoid if even true.
It's not clear to me what determines NIST's priorities on operating system security guidance, especially when Agencies are being so critically evaluated by FISMA / SCAP / Cyberscope. The number of OS X and various mobile operating systems clearly must outweigh RHEL in numbers in the Federal government, although perhaps not when considering mission critical systems, although that might not be true either. I really do not know for sure, but have asked myself "why" the lack of focus on Apple Operating Systems for years. It has played out for many years that NSA / DoD / Apple derived guidance overshadows anything NIST has ever produced for Apple operating systems. Even then, Federal guidance for OS X is usually not ready for one OS X release before the next version of OS X is released, offering a short window for implementation until it's redundant again, further complicated operating system requirements by new Apple hardware.
In my opinion, it could be due to Apple's lack of fully functional built-in OFFICIALLY APPLE SUPPORTED compatibility with Federal requirements such as HSPD-12, OMB M-11-11, etc. Another reason, in my opinion, is the rapid release cycle from Apple, which is only compounded by the veil of secrecy and lack of confidence the federal space has in the future releases. Most if not all Federal agencies have no assurance in what security features will remain in Apple provided operating systems from one version to the next, year after year, what will be deprecated / left limping with lack of adequate support, or what will be removed entirely and cease to be a feature. In comparison, in my opinion Microsoft and Red Hat have very long life-cycles, are more transparent, and very responsive to federal requirements as well as their participation in meeting, and in some cases setting, the industry security standards.
Just my observations and opinions.
Ridley DiSiena, CISSP
On Aug 29, 2013, at 11:28 AM, "Moore, Dallas" <email@hidden> wrote:
Not really. Last I checked, USGCB only covered Windows desktop OSes and RHEL.
v/r
Dallas Moore
Information Security Analyst
U.S. House of Representatives
Desk: 202-226-9760
Mobile: 202-815-5472
From: fed-talk-bounces+dallas.moore=email@hidden [mailto:fed-talk-bounces+dallas.moore=email@hidden] On Behalf Of Rowe, Walter
Sent: Wednesday, August 28, 2013 6:20 PM
To: Apple Fed-Talk List
Subject: Re: [Fed-Talk] Question on Mac approval
Is there anything useful out of USGCB?
--
Walter Rowe, Hosting Services
Enterprise Systems / OISM
Email: email@hidden
Work: 301-975-2885