Apple

Walls, Bryan K. (MSFC-EO50)

On Sep 27, 2016, at 4:14 PM, Ron Colvin <email@hidden> wrote:
On a policy note I'm not sure it should be allowed unless there is someway to register the watch as a token for each user that has one in an organizational directory. A personally owned and managed device is allowed to unlock the screen of an organizationally managed one? Now if you can get a PIV derived cert on the watch you'd have something. :-)

I do however have nothing to do with DOD policy so you're safe from me. There is a planned control for the CIS Benchmark that outlines what organizations should consider in this use case.

On 9/27/16 3:46 PM, Peterson Ed wrote:
Has anyone tried to make the auto-unlock/login work on a STIG’d Mac? I went through the process a few times always stopping at a message that stated I needed to complete the iCloud setup. After searching a few websites on 2FA, I found out to make the Apple Watch available to unlock you computer you needed WiFi enabled as well as bluetooth.

http://www.macworld.com/article/3123791/os-x/unlocking-a-mac-with-an-apple-watch-requires-two-factor-not-two-step-icloud-protectionwhat.html

It makes sense bluetooth should be there, but it’s beyond me why this entire process requires WiFi when a STIG’d system almost always disables WiFi at the lower level.

I have all the ingredients to make it work if it didn’t require WiFi. Does anyone know why WiFi needs to be in the mix?

V/R,

Ed

Ed Peterson

MUOS ISEA, NMF SME Hawaii

SPAWAR Systems Center Pacific

Code 55240

53560 Hull St, San Diego, CA 92152-5001

Office/Mobile: (619) 438-0049

NIPR: email@hidden

SIPR NMCI: email@hidden
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
--


********************************************************
Ron Colvin CISSP, CAP, CEH
Certified Security Analyst
NASA ETADS ASCS staff
<email@hidden>
Direct phone 301-286-2451
NASA Jabber (email@hidden) AIM rcolvin13
NASA LCS (email@hidden)
********************************************************
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

References:
	>[Fed-Talk] Two-Factor Authentication (2FA) & Apple Watch on a STIG'd iMac (From: Peterson Ed <email@hidden>)