Re: Pre Production System Accreditation

[Ken Hanna <k-hann1 () UMN EDU>]

LOL!

Well, I guess I misinterpreted the rule... All I really have at home for
security:

http://philspector.files.wordpress.com/2007/06/computer_virus_protection.jpg

(http://philspector.files.wordpress.com/2007/06/computer_virus_protection.jpg,
if html does not come through)

That isn’t enough??

(Ya, it’s been a long day here as well!)

Dan Johnson

IS Comprehensive Services Senior

University of Wisconsin-Milwaukee

PO Box 469

Mellencamp Hall, Room B60

Milwaukee, WI 53201

(414)229-2911

“The stupid neither forgive nor forget; the naive forgive and forget;
the wise forgive but do not forget.”

Thomas Szasz, The Second Sin (1973) "Personal Conduct"

-----Original Message-----
From: Valdis Kletnieks [mailto:Valdis.Kletnieks () VT EDU]
Sent: Wednesday, September 05, 2007 4:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Pre Production System Accreditation

On Wed, 05 Sep 2007 15:40:12 CDT, Dan Johnson said:

> As to the level of security needed... um, does that mean I have to

> take my home computer down a few levels from the top level DoD

> specifications as outlined by NIST? Man, all that work... ;o)

Personally, I'd be interested in knowing how you got a home computer
*up* to those levels in the first place (hint - you probably blew it big
time on the "physical security" rules - for instance, DOD 5220.22-M,
section 5-307

says:

c. GSA-approved security containers and approved vaults secured with a

locking mechanism meeting Federal Specification FF-L-2740 do not require
supplemental protection when the CSA has determined that the
GSA-approved security container or approved vault is located in an area
of the facility with security-in-depth.

So you got your server in one of these:

http://www.diebold.com/dnpssec/government/physical_security/IPS.htm

and it's locked with one of these:

http://www.mas-hamilton.com/a.php?page=x-09_main

Yeah, that's a lot of work :)

(Sorry, it's been a long day.. ;)