AD-Assurance Notes from April 26

Michael Brogan, UWash 
Lee Amenya, UCSD
Mark Rank, UCSF 
Brian Arkills, UWash 
Jeff Capehart, UFL 
Ron Thielen, UChicago 
David Walker, InCommon/Internet2  
Ann West, InCommon/Internet2  

Next Call

May 3 at Noon ET
+1-734-615-7474 PREFERRED
+1-866-411-0013
0195240#

Tentative Call with MS: May 10

Agenda: Discuss Questions for Microsoft.

Action Items

  • Everyone to clarify Questions for Microsoft in preparation for a call with them, tentatively, May 10.
  • Ann to contact Dean to join us on May 10. Also suggest he include Tim Myers, Security Program Manager, Common Criteria and FIPS 140-2 Security Evaluations at Microsoft
  • Ann/David will develop some intro materials that summarize the Assurance Program and the upper-level issues that the group has identified.

Notes

  • Encouragement from the Technical Advisory Committee this week to consider "good enough" solutions.  
  • Questions
    • Review summary table and request verification. 
    • Memory storage of authn secret in scope for 4.2.3.4? 
    • What's the recommended/supported BitLocker configuration for use with AD-DS?
    • Protected Channels - 4.2.3.6.1b - Gaps 
      • What does Secure Channel use? 
      • What's the impact of turning on the FIPS setting on all Domain Clients?
      • RC4 HMAC encryption is not NIST or FIPS approved, and we would like to find out if it's comparable to those methodologies that are. Can you help with this? (Link to the AM risk assessment questions.)
  • Ann/David will develop some intro materials that summarize the Assurance Program and the upper-level issues that the group has identified.
  • Next Call: Finalize questions for May 10 call (tentative). 