Apple has committed to going through FIPS validation and they’ve been doing a decent job keeping up with it, even with the annual release cycle; it just takes a while to get through the process.
For those interested, I have a post available on FileVault 2 and FIPS 140-2 available from here:
Thanks,
Rich
On Feb 25, 2016, at 11:11 AM, William Cerniuk < email@hidden> wrote:
I would wager that the Technical Reference Model (TRM) you speak of does not dig through all the Windows included software, extensions, function providing DLLs and list those separately either.
If the TRM is re-defining the "operating system" (technically what is installed when you install the OS, even the apps which are services in the OS) then it needs to do so explicitly. Otherwise what you have is opinion vs policy.
But in all reality, the encryption has its own certification system and its own guidelines through OMB for federal types. NIST does not certify operating systems but rather encryption modules (aka hardware, software, firmware or mashup thereof), which is a discrete optional component. Given the stringency of that, and given Apple's propensity to not self-recertify per NIST policy and guidelines, we are simply stuck with inferior third party products which lack efficiency, robust operations and compatibility.
So in this case, I will give a nod to IT in that if Apple, like every other vendor on the planet, would self-recertify, then the Macs would have a much easier time not only being present in the federal enterprise networks, but much better sales to federal enterprise customers who really really really need to check that NIST Certified FIPS Compliant 140-2 check box.
--
V/R,
Wm. Cerniuk
Ph: 703.594.7616
On Feb 25, 2016, at 10:50 AM, Alan Lesse < email@hidden> wrote:
I work at a VA Hospital and we have a grant to do some large data analysis and wanted to put some Macs on our network. Despite the fact that Yosemite has been approved (with constraints) on the most recent One-VA Technical Reference Model v16.2 (1/4/2016), and the CoreCrypto module is FIPS 140-2 certified (El Capitan is One TRM approved but the CryptoModule is still waiting I believe), I am told that since File Vault is not on the approved list of encryption programs, the laptop must be encrypted with an approved third party product.
My logic is that if the module and the OS are certified and File Vault is part of the OS, the program does not have to appear on the list to use it. Sticky notes, Calculator, and Paint are all part of the Windows environment that do not appear on lists of approved programs, but we are allowed to use those applications. I do realize that disk encryption should have a higher level of security than desktop apps, but I don’t understand why FileVault is not recognized if it’s part of the OS. I am told that I can request use at TRM.
Has anyone been able to use a Mac in the VA or other Federal environment with File Vault? My experience with third party disk encryption programs has not been stellar.
Alan Lesse
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list ( email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
---
JRC Help Desk
phone: x4030
The best way to get in touch with me is through email.