Educause Security Discussion mailing list archives

Re: Outside Entities Computers


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 14 Dec 2007 18:02:27 -0500

On Fri, 14 Dec 2007 10:30:06 EST, Buz Dale said:
I would think if the ROTC brought up a machine on campus it would be
a federal (DOD) Gov't machine.  As such, it should have very strict
requirements.  It's possible the staff in your local ROTC are not
aware of this.

Please note that just because it's a DoD box doesn't mean the requirements
are "very strict".

When I was working on the Solaris benchmark document for the Center for
Internet Security, I was surprised to find out that getting the benchmark into
a form that DISA would agree with was a high-priority item.  Of course, the
rules for boxes that are covered by 5220.22-M or similar high-security rules
are different, but the requirements for "bog standard server handling
non-classified data" aren't all that amazing.  If anything, most of the
policies I see discussed on this list are *stricter* than the DISA requirements.
