Re: [Fed-Talk] Question on Mac approval
- Subject: Re: [Fed-Talk] Question on Mac approval
- From: "Trouton, Rich R" <email@hidden>
- Date: Thu, 29 Aug 2013 20:58:07 +0000
- Thread-topic: [Fed-Talk] Question on Mac approval
On Aug 29, 2013, at 3:33 PM, Robinson, Paul, DVI/DMA-Fort Meade wrote:
> This point Ridley makes (see below) is illustrated by the 10.8 release. Apple's disk encryption capability changed in 10.8. In 10.7 the CAC could be used to provide the encryption key making it possible to boot up the computer with a CAC. 10.8 dropped this support, so encryption is via username/password. Once set it is not possible to enable CAC login.
I'm surprised to hear that FileVault 2 encryption could be unlocked with a CAC card in 10.7. To the best of my knowledge, FileVault 2's pre-boot login screen didn't support the use of anything beyond passwords or passphrases because EFI didn't support it.
Legacy FileVault could support the use of CAC cards, as the OS was up and running by the time that you unlocked the encryption on the user's account. EFI's limitations didn't apply.
If someone has experience with this, I'd like to hear more about how FileVault 2 in 10.7 supported CAC cards. This is brand new information for me.
Thanks,
Rich
>
> The only solution is to procure a third-party disk encryption tool for DAR compliance. I expressed this to an Apple rep yesterday and he says their focus is small groups' use of the workstations, despite the enterprise use of the Apple OS across the Apple enterprise. Sad really.
>
> Paul Robinson, CISSP
> Defense Media Activity
>
> From: "Disiena, Ridley (GRC-VG00)[DB Consulting Group, Inc.]" <email@hidden>
> Date: Thursday, August 29, 2013 12:31 PM
> To: "Moore, Dallas" <email@hidden>
> Cc: Apple Fed-Talk List <email@hidden>
> Subject: Re: [Fed-Talk] Question on Mac approval
>
> Another reason, in my opinion, is the rapid release cycle from Apple, which is only compounded by the veil of secrecy and lack of confidence the federal space has in the future releases. Most if not all Federal agencies have no assurance in what security features will remain in Apple-provided operating systems from one version to the next, year after year, what will be deprecated / left limping with lack of adequate support, or what will be removed entirely and cease to be a feature.
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
---
Rich Trouton
email@hidden
JFRC Help Desk
phone: x4030
email: email@hidden
The best way to get in touch with me is through email.