Re: [Fed-Talk] Privacy policies and logging records
- Subject: Re: [Fed-Talk] Privacy policies and logging records
- From: "Rowe, Walter P. \(Fed\) via Fed-talk" <email@hidden>
- Date: Tue, 5 Dec 2023 19:35:19 +0000
- Thread-topic: [Fed-Talk] Privacy policies and logging records
https://www.stigviewer.com/stig/apple_macos_13_ventura/2023-08-28/finding/V-257157
Verify the macOS system is configured to display a policy banner with the
following command:
/bin/ls -l /Library/Security/PolicyBanner.rtfd
-rw-r--r--@ 1 admin sheel 37 Jan 27 11:18 /Library/Security/PolicyBanner.rtfd
If "PolicyBanner.rtfd" does not exist, this is a finding.
If the permissions for "PolicyBanner.rtfd" are not "644", this is a finding.
The banner text of the document must read:
"You are accessing a U.S. Government (USG) Information System (IS) that is
provided for USG-authorized use only. By using this IS (which includes any
device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for
purposes including, but not limited to, penetration testing, COMSEC monitoring,
network operations and defense, personnel misconduct (PM), law enforcement
(LE), and counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject
to routine monitoring, interception, and search, and may be disclosed or used
for any USG authorized purpose.
-This IS includes security measures (e.g., authentication and access controls)
to protect USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE
or CI investigative searching or monitoring of the content of privileged
communications, or work product, related to personal representation or services
by attorneys, psychotherapists, or clergy, and their assistants. Such
communications and work product are private and confidential. See User
Agreement for details."
If the text is not worded exactly this way, this is a finding.
Walter
--
Walter Rowe, Division Chief
Infrastructure Services Division
Mobile: 202.355.4123
On Dec 5, 2023, at 2:26 PM, Rowe, Walter P. (Fed) via Fed-talk
<email@hidden> wrote:
The login banner tells you that you have no reasonable expectation of privacy.
You are accessing a U.S. Government information system, which includes: 1) this
computer, 2) this computer network, 3) all Government-furnished computers
connected to this network, and 4) all Government-furnished devices and storage
media attached to this network or to a computer on this network. You understand
and consent to the following: you may access this information system for
authorized use only; unauthorized use of the system is prohibited and subject
to criminal and civil penalties; you have no reasonable expectation of privacy
regarding any communication or data transiting or stored on this information
system at any time and for any lawful Government purpose, the Government may
monitor, intercept, audit, and search and seize any communication or data
transiting or stored on this information system; and any communications or data
transiting or stored on this information system may be disclosed or used for
any lawful Government purpose. This information system may contain Controlled
Unclassified Information (CUI) that is subject to safeguarding or dissemination
controls in accordance with law, regulation, or Government-wide policy.
Accessing and using this system indicates your understanding of this warning.
Walter
--
Walter Rowe, Division Chief
Infrastructure Services Division
Mobile: 202.355.4123
On Dec 5, 2023, at 2:00 PM, Todd Heberlein via Fed-talk
<email@hidden> wrote:
Hi all,
Does the federal government have any guidance on privacy policies on what can
be logged?
We are using Apple’s network system extension for macOS, and it collects a fair
amount of information. I was wondering if the government has any policies that
would say whether capturing this level of detail is permitted or not.
As an example in the screenshot below, box (1) shows information a typical
network monitor (e.g., Zeek or NetFlow) could collect on an encrypted
connection, and box (2) shows additional details Apple’s network system
extension can collect on the Mac for that connection (e.g., the URL passed over
the encrypted connection) even without MITM decryption.
<Traffic-for-fedtalk-annotated.png>
Any pointers on policies would be appreciated. Thanks,
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden