Re: [Fed-Talk] The Joys of FIPS
Re: [Fed-Talk] The Joys of FIPS
- Subject: Re: [Fed-Talk] The Joys of FIPS
- From: "Shawn A. Geddis" <email@hidden>
- Date: Fri, 20 Sep 2013 12:50:47 -0700
Thanks for followup Bryan.
On Sep 20, 2013, at 12:41 PM, Walls, Bryan K. (MSFC-EO50) < email@hidden> wrote: iOS isn't really such a big deal for us at NASA, since we really don't support encryption on iOS beyond requiring device encryption be activated to store our non-SBU (anything sensitive should be PKI encrypted, and we're not supposed to have our PKI keys on the device) email. Users are rapidly updating to iOS 7.
I found this statement conflicting with current US Fed Gov’t direction with respect to PIV and discussion to move to the yet to be published use of "Derived Credentials”. Ridley is involved, so he can provide more NASA context for you if needed.
On the other hand, having FIPS 140-2 compliance for ML is a huge win, since we can potentially sell moving to FileVault II instead of a 3rd party product that's unpleasant to use and is destroying disks like nobody's business. The fact that we'll probably have to wait 6 months plus (possibly plus 6, 12, or 18!) to move to Mavericks (whichever WDE product we use) is pretty frustrating. We're just now moving to ML from Snow Leopard, and I'm pretty thrilled it's ML instead of Lion.
I am glad to hear this was of significant help to you all at NASA.
Open Question Anyone else want to share the impact of the previous FIPS 140-2 validations for Crypto used by iOS 6 / OS X 10.8 were within their respective Agency/Area ?
- Shawn ________________________________________ Shawn Geddis Security Consulting Engineer Apple Enterprise Division
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden