Re: [Fed-Talk] Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
- Subject: Re: [Fed-Talk] Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
- From: "Levine, Jason (NIH/NCI) [E]" <email@hidden>
- Date: Thu, 21 Jun 2018 17:32:10 +0000
- Thread-topic: [Fed-Talk] Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
All, if you haven't reached out to Chris Stone, it's worth your while — he's
directly engaged on the next generation of FV and macOS security. He not only
would like to get solid feedback on the "right" way to implement full-disk
encryption that would enable such things as smartcard decryption, but also can
talk to you a bit about their current thoughts on the path forward... and I for
one was completely intrigued (and excited) to see the level of engagement and
thought process that's been put into it.
Jason
Jason Levine, email@hidden
NCI CCR Associate Director for IT & Clinical Informatics
NCI CCR Pediatric Oncology Branch
(240) 276-5557
On 6/21/18, 6:01 AM, "Chris Stone" <email@hidden> wrote:
All,
-the FedTalk List
For those of you who don't know me, I am one of the Apple SEs working out
of the Reston, Va office, supporting much of the US Federal Government. I would
like to speak to you all about this thread, can you all write to me to schedule
a call with me, or with my coworker who is working with me on this topic?
Chris Stone
Apple Inc
410-245-7543
> On Jun 20, 2018, at 13:25 PM, Miller, Timothy J. <email@hidden> wrote:
>
> That's native. There are 3rd party solutions with smartcard preboot support. E.g., and this is not a product endorsement: https://secure-disk-for-bitlocker.com/features/#smart-card-support-for-bitlocker
>
> -- T
>
> On 6/20/18, 11:20 AM, "Fed-talk on behalf of Levine, Jason (NIH/NCI) [E]" <fed-talk-bounces+tmiller=email@hidden on behalf of email@hidden> wrote:
>
> But... how? Again, all documentation I can find (I've re-checked since my earlier email) says that BitLocker does *not* support pre-boot authentication with smartcards... it only allows smartcard decryption for removable drives and non-system data drives (e.g., smartcard decryption *after* the full OS has loaded, and critically, has loaded full support for the smartcard driver/support stack).
>
> Jason
>
>
> Jason Levine, email@hidden
> NCI CCR Associate Director for IT & Clinical Informatics
> NCI CCR Pediatric Oncology Branch
> (240) 276-5557
>
> On 6/20/18, 12:04 PM, "Jacob, Raymond A Jr. CIV SPAWARSYSCEN-ATLANTIC, 59530" <email@hidden> wrote:
>
> pre-boot
>>> Are you using PIV at bitlocker pre-boot environment <<
>
> -----Original Message-----
> From: Lamb, John (NIH/NIDCD) [E] [mailto:email@hidden]
> Sent: Wednesday, June 20, 2018 11:05 AM
> To: Jacob, Raymond A Jr. CIV SPAWARSYSCEN-ATLANTIC, 59530 <email@hidden>
> Subject: [Non-DoD Source] Re: [Fed-Talk] Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
>
> Are you using PIV at bitlocker pre-boot environment, or are they allowing pre-boot bypass and relying on PIV login at the windows login window? Because... that’s less secure than FV2 + PIV login at login window.
>
> Thanks!
>
> John Lamb
> IT Specialist (Information Security)
> Information Systems Management Branch
> National Institute on Deafness and Other Communication Disorders
> 240-688-7017
> email@hidden
> http://www.nidcd.nih.gov
>
> On 6/20/18, 10:55 AM, "Jacob, Raymond A Jr. CIV SPAWARSYSCEN-ATLANTIC, 59530" <email@hidden> wrote:
>
> Shawn:
> Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
>
> New Girl help a brotha out
> https://www.youtube.com/watch?v=7szxqhSCgOw
>
> Thank you
> Raymond
>
> PS: I think the next battle front is TPM vs SEP but that fight is for another day.
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
>
> This email sent to email@hidden
>
>