Re: [Fed-Talk] Question on Mac approval
- Subject: Re: [Fed-Talk] Question on Mac approval
- From: Peter Thoenen - NOAA Federal <email@hidden>
- Date: Thu, 29 Aug 2013 11:57:09 -1000
True but irrelevant IMHO. Regardless of the private sector we have a
statutory requirement within the Federal IT space to follow NIST SP800-70
via 800-53 CM-2 via FIPS200.
If a commercial vendor can't meet hard requirements, then we simply
shouldn't be using that vendor. We seem to understand that in all
procurements EXCEPT IT procurements, i.e. we don't use construction
contractors that can't meet code (and history of such) nor do we purchase
various other widgets that can't meet our requirements. In IT (because we
hate to imagine ourselves as a boring commodity/utility instead of a sexy
sales/rockstar/engineer/creative class) we have a distinct inability to
simply follow the rules as written.
If the requirement is 10.6, then you use 10.6. If you can't use 10.6, then
buy something else.
And once again I'm saying that from a high horse, I live in the same reality
as the rest of you where in practice our supervisors and senior
organizational managers say "Don't care, want to sexy widget" :)
> -----Original Message-----
> From: fed-talk-bounces+peter.thoenen=email@hidden
> [mailto:fed-talk-bounces+peter.thoenen=email@hidden] On Behalf Of Beatty,
> Daniel D CIV NAVAIR, 474300D
> Sent: Thursday, August 29, 2013 10:08
> To: Fed Talk (email@hidden)
> Subject: Re: [Fed-Talk] Question on Mac approval
>
> Hi Paul,
> That is kind of the point. When the Federal government is not the only
> customer, those other customers may have a greater
> influence. Hence, the notion of standards is kind of a requirement.
> However, for such a thing to have value there has to be buy in by
> all parties, including the manufacturers. If a manufacturer can say, my
> customers don't need it, then it is hard to influence an outcome
> that has the feature desired.
>
> On the flip side, the OSI veterans can fill an ear about how they had the
> "right people" on their committees. OSI talked a good
> scheme, but TCP-IP walked the walk much more effectively. The irony was
> that TCP-IP was built into every BSD variant, and thus the
> internet was born. OSI wanted the credit, but in the end their vendors'
> buy in looked like "sunk cash."
>
> What will happen with NIST/DISA standards for security? They have the buy
> in, just like OSI. However, Apple looks like the TCP-IP
> cowboy. So is there a pattern?
>
> V/R,
>
> Daniel Beatty, Ph.D.
> Computer Scientist
> Code 474300D
> 1 Administration Circle. M/S 1109
> China Lake, CA 93555
> email@hidden
> (760)939-7097
>
> -----Original Message-----
> From: fed-talk-bounces+daniel.beatty=email@hidden
> [mailto:fed-talk-bounces+daniel.beatty=email@hidden]
> On Behalf Of Robinson, Paul, DVI/DMA-Fort Meade
> Sent: Thursday, August 29, 2013 12:33 PM
> To: Disiena, Ridley (GRC-VG00)[DB Consulting Group, Inc.]; Moore, Dallas
> Cc: Apple Fed-Talk List
> Subject: Re: [Fed-Talk] Question on Mac approval
>
> This point Ridley makes (see below) is illustrated by the 10.8 release.
> Apple's disk encryption capability changed in 10.8. In 10.7 the
> CAC could be used to provide the encryption key making it possible to boot
> up the computer with a CAC. 10.8 dropped this support,
> so encryption is via username/password. Once set it is not possible to
> enable CAC login.
>
> The only solution is to procure a third-party disk encryption tool for DAR
> compliance. I expressed this to an Apple rep yesterday and
> he says their focus is small groups use of the workstations, despite the
> enterprise use of the Apple OS across the Apple enterprise.
> Sad really.
>
> Paul Robinson, CISSP
> Defense Media Activity
>
> From: "Disiena, Ridley (GRC-VG00)[DB Consulting Group, Inc.]" <email@hidden>
> Date: Thursday, August 29, 2013 12:31 PM
> To: "Moore, Dallas" <email@hidden>
> Cc: Apple Fed-Talk List <email@hidden>
> Subject: Re: [Fed-Talk] Question on Mac approval
>
> Another reason in my opinion, is the rapid release cycle from Apple which
> is only compounded by the veil of secrecy and lack of
> confidence the federal space has in the future releases. Most if not all
> Federal agencies have no assurance in what security features
> will remain in Apple provided operating systems from one version to the
> next, year after year, what will be deprecated / left limping
> with lack of adequate support, or what will be removed entirely and cease
> to be a feature.
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden