Re: [Fed-Talk] [Non-DoD Source] Re: Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
- Subject: Re: [Fed-Talk] [Non-DoD Source] Re: Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
- From: "Brodjieski, Daniel D CTR DISA JSP (US)" <email@hidden>
- Date: Wed, 20 Jun 2018 16:45:29 +0000
- Thread-topic: [Non-DoD Source] Re: [Fed-Talk] Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
We are looking into WinMagic’s offering for pre-boot smart card authentication.
https://www.winmagic.com/products/features/pba-pre-boot-authentication
From: Fed-talk
<fed-talk-bounces+daniel.d.brodjieski.ctr=email@hidden> on behalf
of Carib Mendez <email@hidden>
Date: Wednesday, June 20, 2018 at 12:33 PM
To: "Levine, Jason (NIH/NCI) [E]" <email@hidden>
Cc: "email@hidden" <email@hidden>
Subject: [Non-DoD Source] Re: [Fed-Talk] Shawn Geddis, Can you help a brother
out? issue: Macs at my office are going away because PIV/CAC authorization not
supported at boot up i.e. like bitlocker.
I believe natively you are correct, BitLocker does not support PIV
authentication pre-boot. There are, however, 3rd party products that claim the
ability to add on support for PIV auth pre-boot.
check https://secure-disk-for-bitlocker.com
On Jun 20, 2018, at 12:19 PM, "Levine, Jason (NIH/NCI) [E]"
<email@hidden> wrote:
But... how? Again, all documentation I can find (I've re-checked since my
earlier email) says that BitLocker does *not* support pre-boot authentication
with smartcards... it only allows smartcard decryption for removable drives and
non-system data drives (e.g., smartcard decryption *after* the full OS has
loaded, and critically, has loaded full support for the smartcard
driver/support stack).
Jason
Jason Levine, email@hidden
NCI CCR Associate Director for IT & Clinical Informatics
NCI CCR Pediatric Oncology Branch
(240) 276-5557
On 6/20/18, 12:04 PM, "Jacob, Raymond A Jr. CIV SPAWARSYSCEN-ATLANTIC, 59530"
<email@hidden> wrote:
pre-boot
>> Are you using PIV at bitlocker pre-boot environment <<
-----Original Message-----
From: Lamb, John (NIH/NIDCD) [E] [mailto:email@hidden]
Sent: Wednesday, June 20, 2018 11:05 AM
To: Jacob, Raymond A Jr. CIV SPAWARSYSCEN-ATLANTIC, 59530
<email@hidden>
Subject: [Non-DoD Source] Re: [Fed-Talk] Shawn Geddis, Can you help a brother
out? issue: Macs at my office are going away because PIV/CAC authorization not
supported at boot up i.e. like bitlocker.
Are you using PIV at bitlocker pre-boot environment, or are they allowing
pre-boot bypass and relying on PIV login at the windows login window?
Because... that’s less secure than FV2 + PIV login at login window.
Thanks!
John Lamb
IT Specialist (Information Security)
Information Systems Management Branch
National Institute on Deafness and Other Communication Disorders
240-688-7017
email@hidden
http://www.nidcd.nih.gov
On 6/20/18, 10:55 AM, "Jacob, Raymond A Jr. CIV SPAWARSYSCEN-ATLANTIC, 59530"
<email@hidden> wrote:
Shawn:
Macs at my office are going away because PIV/CAC authorization not supported
at boot up i.e. like bitlocker.
New Girl help a brotha out
https://www.youtube.com/watch?v=7szxqhSCgOw
Thank you
Raymond
PS: I think the next battle front is TPM vs SEP but that fight is for another
day.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden