Re: [Fed-Talk] Question on Mac approval
- Subject: Re: [Fed-Talk] Question on Mac approval
- From: "Alcasid, James (By Light)" <email@hidden>
- Date: Fri, 30 Aug 2013 13:33:21 -0500
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Question on Mac approval
Dan,
I don't think Apple has any special consideration or advantage with NIST,
at least not more than any other vendor seeking validation of a
cryptographic module for FIPS 140-2 conformance.
Like you, I advocate for Apple in the federal enterprise, but it is
difficult when the vendor doesn't view the federal enterprise as a priority.
Also, another dead horse that never left the barn, and this is kind of on
us (or the agencies involved), is the FDCC for Mac (SDCC).
Best Regards,
James Alcasid
On 8/29/13 7:21 PM, "Beatty, Daniel D CIV NAVAIR, 474300D"
<email@hidden> wrote:
>Hi Peter,
>First, I should say take it easy. I am not against you. That said, you
>kind of proved my point. Apple has buy-in with NIST, and from the point
>of view of having a good product. It is just as much a matter of our
>relevance as a customer as it is their relevance as a provider.
>
>The point I made about OSI is very relevant. The USG also mandated that
>OSI be used throughout its networks. In other words, OSI was supposed to
>be the network. Just when did OSI work? IBM had a few prototypes that
>did not live up to its own standards. If we played by that rule, the
>internet would never have been. However, the President mandated use of
>the internet in 1994. What do you think the people were doing in between
>the two mandates? A lot of people were using the internet, even in the
>USG, before the President's mandate. Were they in violation of mandates?
>Or did they choose to comply with their mission, which is also a mandate?
>There is always someone who has the ability to get our customers what
>they need to do their job, even if it removes us from relevance. It
>happened in the case of OSI.
>
>In any case, you are right in the fact that we should encourage Apple on
>higher standards. We should check both with Apple and their third-party
>supporters. There is always some incentive to encourage mutual goals.
>
>V/R,
>
>Daniel Beatty, Ph.D.
>Computer Scientist
>Code 474300D
>1 Administration Circle. M/S 1109
>China Lake, CA 93555
>email@hidden
>(760)939-7097
>
>-----Original Message-----
>From: Peter Thoenen - NOAA Federal [mailto:email@hidden]
>Sent: Thursday, August 29, 2013 2:57 PM
>To: Beatty, Daniel D CIV NAVAIR, 474300D; Fed Talk
>Subject: RE: [Fed-Talk] Question on Mac approval
>
>True but irrelevant IMHO. Regardless of the private sector we have a
>statutory requirement within the Federal IT space to follow NIST SP800-70
>via 800-53 CM-2 via FIPS200.
>
>If a commercial vendor can't meet hard requirements, then we simply
>shouldn't be using that vendor. We seem to understand that in all
>procurements EXCEPT IT procurements, i.e. we don't use construction
>contractors that can't meet code (and history of such) nor do we purchase
>various other widgets that can't meet our requirements. In IT (because we
>hate to imagine ourselves as a boring commodity/utility instead of a sexy
>sales/rockstar/engineer/creative class) we have a distinct inability to
>simply follow the rules as written.
>
>If the requirement is 10.6, then you use 10.6. If you can't use 10.6,
>then buy something else.
>
>And once again I'm saying that from a high horse. I live in the same
>reality as the rest of you, where in practice our supervisors and senior
>organizational managers say "Don't care, want to sexy widget" :)
>
>> -----Original Message-----
>> From: fed-talk-bounces+peter.thoenen=email@hidden
>> [mailto:fed-talk-bounces+peter.thoenen=email@hidden]
>> On Behalf Of Beatty, Daniel D CIV NAVAIR, 474300D
>> Sent: Thursday, August 29, 2013 10:08
>> To: Fed Talk (email@hidden)
>> Subject: Re: [Fed-Talk] Question on Mac approval
>>
>> Hi Paul,
>> That is kind of the point. When the Federal government is not the
>> only customer, those other customers may have a greater influence.
>> Hence, the notion of standards is kind of a requirement.
>> However, for such a thing to have value there has to be buy-in by all
>> parties, including the manufacturers. If a manufacturer can say, my
>> customers don't need it, then it is hard to influence an outcome that
>> has the feature desired.
>>
>> On the flip side, the OSI veterans can fill an ear about how they had
>> the "right people" on their committees. OSI talked a good
>> scheme, but TCP/IP walked the walk much more effectively. The irony
>> was that TCP/IP was built into every BSD variant, and thus the
>> internet was born. OSI wanted the credit, but in the end their
>> vendors' buy-in looked like "sunk cash."
>>
>> What will happen with NIST/DISA standards for security? They have the
>> buy-in, just like OSI. However, Apple looks like the TCP/IP
>> cowboy. So is there a pattern?
>>
>> V/R,
>>
>> Daniel Beatty, Ph.D.
>> Computer Scientist
>> Code 474300D
>> 1 Administration Circle. M/S 1109
>> China Lake, CA 93555
>> email@hidden
>> (760)939-7097
>>
>> -----Original Message-----
>> From: fed-talk-bounces+daniel.beatty=email@hidden
>> [mailto:fed-talk-bounces+daniel.beatty=email@hidden]
>> On Behalf Of Robinson, Paul, DVI/DMA-Fort Meade
>> Sent: Thursday, August 29, 2013 12:33 PM
>> To: Disiena, Ridley (GRC-VG00)[DB Consulting Group, Inc.]; Moore, Dallas
>> Cc: Apple Fed-Talk List
>> Subject: Re: [Fed-Talk] Question on Mac approval
>>
>> This point Ridley makes (see below) is illustrated by the 10.8 release.
>> Apple's disk encryption capability changed in 10.8. In 10.7 the CAC
>> could be used to provide the encryption key, making it possible to boot
>> up the computer with a CAC. 10.8 dropped this support, so encryption
>> is via username/password. Once set, it is not possible to enable CAC
>> login.
>>
>> The only solution is to procure a third-party disk encryption tool for
>> DAR compliance. I expressed this to an Apple rep yesterday and he
>> says their focus is small groups' use of the workstations, despite the
>> enterprise use of the Apple OS across the Apple enterprise.
>> Sad really.
>>
>> Paul Robinson, CISSP
>> Defense Media Activity
>>
>> From: "Disiena, Ridley (GRC-VG00)[DB Consulting Group, Inc.]"
>> <email@hidden>
>> Date: Thursday, August 29, 2013 12:31 PM
>> To: "Moore, Dallas" <email@hidden>
>> Cc: Apple Fed-Talk List <email@hidden>
>> Subject: Re: [Fed-Talk] Question on Mac approval
>>
>> Another reason, in my opinion, is the rapid release cycle from Apple,
>> which is only compounded by the veil of secrecy and lack of confidence
>> the federal space has in the future releases. Most if not all Federal
>> agencies have no assurance in what security features will remain in
>> Apple-provided operating systems from one version to the next, year
>> after year, what will be deprecated / left limping with lack of
>> adequate support, or what will be removed entirely and cease to be a
>> feature.
>>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden