Re: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 17


  • Subject: Re: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 17
  • From: David Solin <email@hidden>
  • Date: Fri, 25 Jan 2013 14:46:47 -0600
  • Organization: jOVAL

I cannot believe that DISA is still maintaining a manual STIG for MacOS!  Are they unaware of the availability of Mac-compatible open-source tools for SCAP scanning?

On 1/25/2013 2:35 PM, Christopher Thomas wrote:
DISA released an update to their STIG for Mac OS 10.6, has there been any talk between Apple and DISA on a security guideline for Lion or Mountain Lion?  In this arena, does anyone know of any automated tool to manage Mac OS to comply with STIG Guidelines or has anyone created scripts to effect the guidelines?  The steps for implementing STIGs on Mac OS are manual and must be re-done with each update to the OS to ensure the update did not reset settings.

Further, is there any current information on FIPS compliance for Apple's implementation of whole disk encryption in Lion or Mountain Lion?

Assuming that Apple has some internal clock on ending support to Snow Leopard, Lion/Mountain Lion need to get into the reviewed arena.

For reference on STIGs:

http://iase.disa.mil/stigs/os/mac/mac.html

“The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DOD IA and IA-enabled devices/systems. Since 1998, DISA Field Security Operations (FSO) has played a critical role enhancing the security posture of DoD's security systems by providing the Security Technical Implementation Guides (STIGs). The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack. DISA FSO is in the process of moving the STIGs towards the use of the NIST Security Content Automation Protocol (S-CAP) in order to be able to “automate” compliance reporting of the STIGs.

A STIG Security Checklist, typically a companion of a STIG, is essentially a document that contains instructions or procedures to manually verify compliance to a STIG. STIGs have been under optimization efforts since 2008 to begin to combine the STIG and STIG Security Checklist into one document. Currently, however, you will still find instances where there are still STIGs with accompanying STIG Checklists.”



On 1/25/13 3:00 PM, "email@hidden" <email@hidden> wrote:

Today's Topics:

   1. Re: EAP-TLS Authentication with CAC on iPad or iPhone (Matt Stier)


----------------------------------------------------------------------

Message: 1
Date: Fri, 25 Jan 2013 14:55:23 -0500
From: Matt Stier <email@hidden>
To: Shawn Geddis <email@hidden>
Cc: "email@hidden Talk" <email@hidden>
Subject: Re: [Fed-Talk] EAP-TLS Authentication with CAC on iPad or
        iPhone
Message-ID: <email@hidden>
Content-Type: text/plain; charset="windows-1252"

Thank you for the links, but that is not what I was referring to earlier.  Maybe my mind is not serving me as well as it normally does, but I could have sworn there was one or two products from Apple on the Modules In-Process list in block 1 for several months and then all of a sudden they were removed from the process altogether.  It may have been two years ago.  Again, it may just be I am not remembering it correctly.

On a separate note, do you know if apple plans to support smart cards natively in the future?

        -Matt

Matt Stier, CISSP/CWNA/ACMA
SPAWAR, Atlantic
Phone: 843.321.WLAN (9526) | Fax 843.218.6605
Email: email@hidden

On Jan 25, 2013, at 1:32 PM, Shawn Geddis wrote:

> On Jan 25, 2013, at 1:07 PM, Matt Stier <email@hidden> wrote:
>> If I am not mistaken, Apple (cannot remember if it was OSX or iOS related) was on the list roughly a year ago, but was removed for some reason either by Apple or another entity.  That is what I was referring to in my "thankfully" comment.
>
> Matt,
>
> I believe what you may be referring to is the completion of the FIPS 140-2 Conformance Validation for Apple's CDSA/CSP module still available in OS X Lion v10.7 for use by Third-Party Developers.  OS X Lion was using the newer CoreCrypto / CoreCrypto Kernel modules, but we intentionally re-validated the CDSA/CSP module for third-party developers still using it at the time.  Another example of Apple following through with commitments to the US Federal Government.
>
> Modules appear on the Modules In-Process List [1][2] until they are complete and then move to the Validated Modules list [3][4] by CMVP.
>
> Apple FIPS Cryptographic Module (Software Version: 1.1)      
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1701
> ...on 3/30/2012
>
>
> This was a re-validation of the same module used by Mac OS X Snow Leopard v10.6.
>
> Apple FIPS Cryptographic Module (Software Version: 1.0)
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2011.htm#1514
> ...on 03/09/2011
>
>
> [1] http://csrc.nist.gov/groups/STM/cmvp/inprocess.html
> [2] http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf
> [3] http://csrc.nist.gov/groups/STM/cmvp/validation.html
> [4] http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm
>
>
> - Shawn
> ________________________________________
> Shawn Geddis                               T (703) 264-5103
> Security Consulting Engineer    C (703) 623-9329
> Apple Enterprise Division           email@hidden
>
> 11921 Freedom Drive, Suite 600, Reston VA  20190-5634
>

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden


--

jOVAL.org: SCAP Simplified.

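The manual re-check Christopher Thomas describes above (re-doing the STIG settings after every OS update to make sure the update did not reset them) is easy to script as a snapshot-and-compare audit. What follows is an added example, not code from this thread, from jOVAL or from DISA: the check IDs (MAC-*) are illustrative labels rather than STIG vulnerability IDs, and the `defaults` / `systemsetup` invocations are assumed to be the stock read-only audit commands for OS X 10.6 through 10.8. The two snapshots at the bottom are constructed, not captured from a real machine, so the script runs offline; on a Mac it audits the live system instead.

```python
"""Minimal STIG-style configuration checker for Mac OS X (added example).

Re-run after each OS update: `drift()` lists checks that passed on the
baseline snapshot but no longer pass, and `remediation()` prints the fix
commands. Check IDs are illustrative, not DISA STIG vulnerability IDs.
"""
import platform
import re
import subprocess
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Check:
    cid: str         # illustrative identifier (assumption, not a STIG ID)
    title: str
    command: str     # read-only audit command
    pattern: str     # regex the trimmed output must match to PASS
    remediate: str   # command an admin would run to bring it into compliance


CHECKS: List[Check] = [
    Check("MAC-FW-01", "Application firewall enabled",
          "defaults read /Library/Preferences/com.apple.alf globalstate",
          r"^[12]$",
          "sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 1"),
    Check("MAC-FW-02", "Firewall stealth mode enabled",
          "defaults read /Library/Preferences/com.apple.alf stealthenabled",
          r"^1$",
          "sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -int 1"),
    Check("MAC-LW-01", "Guest account disabled",
          "defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled",
          r"^0$",
          "sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool false"),
    Check("MAC-SSH-01", "Remote Login (SSH) disabled",
          "systemsetup -getremotelogin",
          r"^Remote Login: Off$",
          "sudo systemsetup -setremotelogin off"),
    Check("MAC-SS-01", "Screen saver requires password",
          "defaults -currentHost read com.apple.screensaver askForPassword",
          r"^1$",
          "defaults -currentHost write com.apple.screensaver askForPassword -int 1"),
]

Runner = Callable[[str], Tuple[int, str]]


def shell_runner(command: str) -> Tuple[int, str]:
    """Run one audit command on a real Mac; return (exit status, stdout)."""
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    return proc.returncode, proc.stdout


def collect(runner: Runner, checks=CHECKS) -> Dict[str, Tuple[int, str]]:
    """Snapshot the raw result of every audit command, keyed by check ID."""
    return {c.cid: runner(c.command) for c in checks}


def evaluate(snapshot, checks=CHECKS) -> Dict[str, str]:
    """Map each check to PASS, FAIL or ERROR.

    A non-zero exit (e.g. `defaults read` on a key that does not exist) is
    ERROR, never PASS: a missing key means the OS default is in effect, and
    an update that deletes a hardened key must show up as non-compliant.
    """
    results = {}
    for c in checks:
        rc, out = snapshot[c.cid]
        if rc != 0:
            results[c.cid] = "ERROR"
        elif re.search(c.pattern, out.strip()):
            results[c.cid] = "PASS"
        else:
            results[c.cid] = "FAIL"
    return results


def drift(before: Dict[str, str], after: Dict[str, str]) -> List[str]:
    """Check IDs that passed in `before` but do not pass in `after`."""
    return [cid for cid, s in before.items() if s == "PASS" and after.get(cid) != "PASS"]


def remediation(results: Dict[str, str], checks=CHECKS) -> List[str]:
    """Fix commands, in check order, for every non-passing check."""
    by_id = {c.cid: c for c in checks}
    return [by_id[cid].remediate for cid, s in results.items() if s != "PASS"]


# Constructed snapshots (not captured from a real machine). AFTER_UPDATE
# models an OS update that turned Remote Login back on and removed the
# stealth-mode key, so `defaults read` exits 1 with no output.
BEFORE_UPDATE = {
    "MAC-FW-01": (0, "1\n"),
    "MAC-FW-02": (0, "1\n"),
    "MAC-LW-01": (0, "0\n"),
    "MAC-SSH-01": (0, "Remote Login: Off\n"),
    "MAC-SS-01": (0, "1\n"),
}
AFTER_UPDATE = dict(BEFORE_UPDATE)
AFTER_UPDATE["MAC-SSH-01"] = (0, "Remote Login: On\n")
AFTER_UPDATE["MAC-FW-02"] = (1, "")

if __name__ == "__main__":
    snap = collect(shell_runner) if platform.system() == "Darwin" else AFTER_UPDATE
    results = evaluate(snap)
    for cid, status in results.items():
        print(f"{status:5} {cid}")
    print("drift since baseline:", drift(evaluate(BEFORE_UPDATE), results))
    for cmd in remediation(results):
        print("remediate:", cmd)
```

Keep the baseline snapshot from the last known-good audit on disk and diff against it after each update rather than only looking at the current PASS/FAIL list: the drift list is what tells you which settings the update silently reverted. Treating a missing key as ERROR rather than PASS is the important edge case; several of these keys simply do not exist until an administrator writes them, and an update that removes one leaves the machine at the OS default.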

  • Follow-Ups:
    • Re: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 17
      • From: "Rowe, Walter" <email@hidden>
  • References:
    • Re: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 17
      • From: Christopher Thomas <email@hidden>
