Educause Security Discussion mailing list archives
Re: Outside Entities Computers
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 14 Dec 2007 18:02:27 -0500
On Fri, 14 Dec 2007 10:30:06 EST, Buz Dale said:
I would think if the ROTC brought up a machine on campus it would be be a federal (DOD) Gov't machine. As such, it should have very strict requirements. It's possible the staff in your local ROTC are not aware of this.
Please note that just because it's a DoD box doesn't mean the requirements are "very strict". When I was working on the Solaris benchmark document for the Center for Internet Security, I was surprised to find out that getting the benchmark into a form that DISA would agree with was a high-priority item. Of course, the rules for boxes that are covered by 5220.22-M or similar high-security rules are different, but the requirements for "bog standard server handling non-classified data" aren't all that amazing. If anything, most of the policies I see discussed on this list are *stricter* than the DISA requirements.
Attachment:
_bin
Description:
Current thread:
- Outside Entities Computers jason rinne (Dec 14)
- <Possible follow-ups>
- Re: Outside Entities Computers HALL, NATHANIEL D. (Dec 14)
- Re: Outside Entities Computers Buz Dale (Dec 14)
- Re: Outside Entities Computers Lovaas,Steven (Dec 14)
- Re: Outside Entities Computers Brad Judy (Dec 14)
- Re: Outside Entities Computers Adam Stone (Dec 14)
- Re: Outside Entities Computers Torres, Juan (Dec 14)
- Re: Outside Entities Computers Valdis Kletnieks (Dec 14)