Educause Security Discussion mailing list archives

Re: Pre Production System Accreditation


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 5 Sep 2007 17:55:27 -0400

On Wed, 05 Sep 2007 15:40:12 CDT, Dan Johnson said:

As to the level of security needed... um, does that mean I have to take my
home computer down a few levels from the top level DoD specifications as
outlined by NIST?  Man, all that work... ;o)

Personally, I'd be interested in knowing how you got a home computer *up*
to those levels in the first place (hint - you probably blew it big time
on the "physical security" rules - for instance, DOD 5220.22-M, section 5-307
says:

      c.    GSA-approved security containers and approved vaults secured with a
locking mechanism meeting Federal Specification FF-L-2740 do not require
supplemental protection when the CSA has determined that the GSA-approved
security container or approved vault is located in an area of the facility with
security-in-depth.

So you got your server in one of these:

http://www.diebold.com/dnpssec/government/physical_security/IPS.htm

and it's locked with one of these:

http://www.mas-hamilton.com/a.php?page=x-09_main

Yeah, that's a lot of work :)

(Sorry, it's been a long day.. ;)
