Re: [Fed-Talk] YubiKeys on macOS and iOS — ditch your CAC
Re: [Fed-Talk] YubiKeys on macOS and iOS — ditch your CAC
- Subject: Re: [Fed-Talk] YubiKeys on macOS and iOS — ditch your CAC
- From: "Levine, Jason \(NIH/NCI\) \[E\] via Fed-talk" <email@hidden>
- Date: Wed, 22 Mar 2023 15:37:47 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mail.nih.gov; dmarc=pass action=none header.from=mail.nih.gov; dkim=pass header.d=mail.nih.gov; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+GVvtfXpvKPgC3wsuUza3mCRioT0eKfPhPhQV2eoH0Q=; b=grabZOB+yOThYq2+hHVpzT60l3upegWkWr6Ny0lFPXntr1YJRnhVNaicDI296Eut0dkGGqqo2cp6OGqBLuU04RX/Q4LtITV5wVkZk4sGlt+CkHhylCwBT2Yur3r/FC50M0UikD2qgzJ7Zq5yG04O9+dWOd/itgyDa3b+Rjp5dY4XX3yJSjgtIfC8mIMLmkuckqEIKPHJCayhrlCT14QC/aMj5vXdMAtmMkfkE3EHL8V7PkO0lH9LOBUkvovH9lnfYg4lxHNNKuMaAaCmei5QX7A1ovEuRyv5oNbHETSIEEaAovDHAIx8rM7crrhwAL62nuPphyEEANEgR5z0P3K+Gw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W6hMaqBDH6hW+c/65ok+NWtWDeg2E6t9BySgJC30Re6cABIQ22NzjCGnw7qy2+TCromt3Qdz0ytC7er61b60y2tWkSNc5pKegrU5AWk9FHOf0k8pgLeGe2A1vq9hdLsEBD+y30h6IAOoouREoZ/+T9/DuivZ84kiUXWYAM3L4VfxrRILXldrAdeTIHUWj9/xfLhU/+FcCqDn3QNaNtHLoN09vupiGmZr4rGoCLhzQY6noy0AftsKrSpcXsKcNh4SqgFXm20IDqWoDmBrAriVvSu62LrYVX/tTty6NrEqYgbwYA/9JJs9b9E0qOMeRD+c+Vgxifnm/J49K+9MxlldsQ==
- Thread-topic: YubiKeys on macOS and iOS — ditch your CAC
We just started testing this here at the NIH, and I would love to connect with
somebody who has managed to get all the various pieces working with macOS at
their agency. There are a few fiddly bits that I haven’t yet figured out!
Jason
Jason Levine (he/him)
Associate Research Physician
NCI CCR Associate Director for IT & Clinical Informatics
NCI CCR Pediatric Oncology Branch
(240) 276-5557
From: "Dave Schroeder via Fed-talk"
<email@hidden<mailto:email@hidden>>
Date: Wednesday, March 22, 2023 at 10:47:32 AM
To: "Fed Talk" <email@hidden<mailto:email@hidden>>
Subject: [Fed-Talk] YubiKeys on macOS and iOS — ditch your CAC
All,
For those of you used to dealing with CACs and CAC readers on macOS (and iOS),
there is another option.
https://www.yubico.com/products/yubikey-fips/
Bottom line, you want to get the Series 5, and something that is FIPS
compliant. The derived certs are issued under DOD DERILITY CA-1.
You can get as many keys as you want provisioned (or as many as your PureBred
Agent's patience allows). It works *in lieu of* a CAC. The Lighting + USB-C
version works on iOS (or could get the USB-C-only version for newer iPads).
The enrollment process requires a PureBred Agent to do a little back-and-forth
with the user, exchanging OTPs and such, and needs to happen on NIPR (to
include AVD). Once provisioned, it can be used in place of a CAC and reader.
Official authorization for use, including on NIPR:
https://dodcio.defense.gov/Portals/0/Documents/Cyber/DoDCIOMem-MobilePKICredentials.pdf
A few purchasing notes:
Rob Konosky
Federal Sales Director | Yubico
Phone: +1 703.201.6135
[yubikey.jpg]
![JPEG image](/attachments/jpgjSRzBBTIL4.jpg)
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden