...
Only need to address one of the 3 password storage alternatives
Alternative 2
\[AI\] Ron Ron will upload Bit Locker information to the wiki. Wiki Markup
- Decrypts sectors are they are read which meets the requirement to only decrypted when immediately needed for authn.
- Uses AES256 optionally which is approved
...
Focus on native issues for AD. Only identified use case was password store replication among AD servers.
...
- Lee uses IPSec \uses IPSec [AI\] Lee will check into recommendations for AD password store replication.
- Keep a note about provisioning for implementers and off-site data centers
Note about the Cookbook: Provide clear direction about practices that clear the bar and AM.unmigrated-wiki-markup
\[AI\] Mark to fill in 4.2.3.6.2 and 3.
\[AI\] Michael to update the existing rows to reflect today's discussionunmigrated-wiki-markup Wiki Markup
\[AI\] Eric to fill in 4.2.5.1, 4.2.5.2, 4.2.8.2.1. If If we can determine how to handle protected channels, these may fall out under that. Eric will review if there are other gaps besides protected channels.