...
- Everyone to clarify Questions for Microsoft in preparation for a call with them, tentatively, May 10.
- Ann to contact Dean to join us on May 10. Also suggest he include Tim Myers, Security Program Manager, Common Criteria and FIPS 140-2 Security Evaluations at Microsoft
- Ann/David will develop some intro materials that summarizes the Assurance Program and upper level issues that the group has identified.
Notes
- Encouragement from the Technical Advisory Committee this week to consider "good enough" solutions.
- Questions
- Review summary table and request verification.
- Memory storage of authn secret in scope for 4.2.3.4?
- What's the recommended/supported BitLocker configuration for use with AD-DS?
- Protected Channels - 4.2.3.6.1b - Gaps
- What does Secure Channel use?
- What's the impact of turning on the FIPS setting on all Domain Clients?
- RC4 HMAC encryption is not NIST or FIPS approved, and we would like to find out if it's comparable to those methodlogies that are. Can you help with this? (Link to the AM risk assessment questions.)
- Ann/David will develop some intro materials that summarizes the Assurance Program and upper level issues that the group has identified.
- Next Call: Finalize questions for May 10 call (tentative).