Regarding your point, Saqib. Does your solution not have multi user at pre-boot?

Most vendors now support multiple users at pre-boot so that the software engineer just calls up the help desk, gets the admin creds (or uses Challenge/Response) to access the PC whilst never asking the user to be involved. I actually thought this was the de facto standard nowadays?

Hope this other option works - using C/R.

Thanks
Tony

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, August 17, 2007 7:00 PM
Subject: FDE Digest, Vol 11, Issue 12

> Send FDE mailing list submissions to
> [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://www.xml-dev.com/mailman/listinfo/fde
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of FDE digest..."
>
>
> Today's Topics:
>
> 1. Re: New DoD encryption mandate and TPM requirements
> (Bryan Glancey)
> 2. Re: New DoD encryption mandate and TPM requirements
> (Mike Markowitz)
> 3. http://www.xml-dev.com/pipermail/fde/2007-August/000568.html
> (Andreas W. Kuhn)
> 4. Re: New DoD encryption mandate and TPM requirements (Ali, Saqib)
> 5. IT support accounts on FDE secured computers (Ali, Saqib)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 16 Aug 2007 16:51:55 -0500
> From: "Bryan Glancey" <[EMAIL PROTECTED]>
> Subject: Re: [FDE] New DoD encryption mandate and TPM requirements
> To: <[email protected]>
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="US-ASCII"
>
> The rest of Grimes Memo links to the DARTT (Data At Rest Tiger Team) -
> which does not include Wave Sys. Therefore Wave Sys is legally barred
> from Federal Government sales for the next 5 years.
>
> The list of DARTT approved vendors can be found on
> http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/06-18-2007/0004610437&EDATE=
>
>
> The included vendors from this press release are:
>
> " Products are Mobile Armor LLC's Data Armor; Safeboot NV's Safeboot
> Device Encryption; Information Security Corp.'s Secret Agent; SafeNet
> Inc.'s SafeNet ProtectDrive; Encryption Solutions Inc.'s SkyLOCK
> At-Rest;
> SPYRUS Inc.'s Talisman/DS Data Security Suite; WinMagic Inc.'s
> SecureDoc;
> CREDANT Technologies Inc.'s CREDANTMobile Guardian and GuardianEdge
> Technologies' GuardianEdge."
>
> If you would like to validate the legality of GSA SmartBuy and
> purchasing on or off the Blanket Purchase Agreements:
>
> http://www.gsa.gov/Portal/gsa/ep/contentView.do?programId=8399&channelId=-18846&ooid=22458&contentId=23207&pageTypeId=8199&contentType=GSA_BASIC&programPage=%2Fep%2Fprogram%2FgsaBasic.jsp&P=SBUY
>
>
> ------------------------------------
> Mobile Armor
> Bryan E. Glancey
> Senior Vice President & Chief Technology Officer
> [EMAIL PROTECTED]
> 400 South Woods Mill Rd.
> Suite 110
> Chesterfield, MO 63017
> tel: 877-276-6778
> fax: 877-277-7369
> mobile: 314-495-2048
> http://www.mobilearmor.com/
> ------------------------------------
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Ali, Saqib
> Sent: Thursday, August 16, 2007 12:16 AM
> To: [email protected]
> Subject: [FDE] New DoD encryption mandate and TPM requirements
>
> John Grimes' (DOD chief information officer) July 3rd memo is
> mandating encryption for all sensitive but unclassified information on
> mobile devices in compliance with FIPS 140-2. "Mobile devices"
> include laptops, PDAs, CDs, flash drives, etc.
> See:
> http://iase.disa.mil/policy-guidance/dod-dar-tpm-decree07-03-07.pdf
>
> Also all new computer assets (servers, notebooks, desktops, PDAs) must
> have TPM (if available).
> I guess this is good news for Wavesys
> <http://www.wavesys.com/ >. Wavesys is the only company that makes
> enterprise grade TPM management suite that can be centrally managed.
>
> But I think more and more FDE vendors will now start supporting TPM
> for encryption key management, and trusted device management.
> _______________________________________________
> FDE mailing list
> [email protected]
> http://www.xml-dev.com/mailman/listinfo/fde
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 16 Aug 2007 17:26:38 -0500
> From: Mike Markowitz <[EMAIL PROTECTED]>
> Subject: Re: [FDE] New DoD encryption mandate and TPM requirements
> To: [email protected]
> Cc: <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=us-ascii; format=flowed;
> x-avg-checked=avg-ok-4B07275A
>
>
> At 04:51 PM 8/16/2007, Bryan Glancey wrote:
>
>>The included vendors from this press release are:
>>
>>" Products are Mobile Armor LLC's Data Armor; Safeboot NV's Safeboot
>>Device Encryption; Information Security Corp.'s Secret Agent; SafeNet
>>Inc.'s SafeNet ProtectDrive; Encryption Solutions Inc.'s SkyLOCK
>>At-Rest;
>>SPYRUS Inc.'s Talisman/DS Data Security Suite; WinMagic Inc.'s
>>SecureDoc;
>>CREDANT Technologies Inc.'s CREDANTMobile Guardian and GuardianEdge
>>Technologies' GuardianEdge."
>
> The vendor list in the memo might be correct, but as a product list,
> it's far from exhaustive. Looks like the info was lifted from the
> err-filled FCW article (or equally bad GSA press release) rather
> than from the ESI BPA contract documents themselves.
>
> Bottom line: there are many more products covered by the BPAs than
> are listed here.
>
> It's bad enough (though expected) to have to fight competitive
> marketing spin, but having to counter misinformation published by
> the very government agencies responsible for administrating the
> ESI BPA program gets to be awfully frustrating!
>
> -mjm
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 16 Aug 2007 23:14:01 -0400
> From: "Andreas W. Kuhn" <[EMAIL PROTECTED]>
> Subject: [FDE]
> http://www.xml-dev.com/pipermail/fde/2007-August/000568.html
> To: <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Bryan,
>
> I think you got a couple of things quite wrong. Wave does not build FDE
> encryption tools. Wave Systems builds management tools for the TPM
> environment and Seagate MOMENTUS FDE.2 encrypting drives.
>
> No need to abuse this forum for competitive reasons.
>
> Andreas W. Kuhn
> Toronto, Canada
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://www.xml-dev.com/pipermail/fde/attachments/20070816/652ab00a/attachment-0001.html
>
> ------------------------------
>
> Message: 4
> Date: Thu, 16 Aug 2007 22:18:06 -0700
> From: "Ali, Saqib" <[EMAIL PROTECTED]>
> Subject: Re: [FDE] New DoD encryption mandate and TPM requirements
> To: [email protected]
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 8/16/07, Bryan Glancey <[EMAIL PROTECTED]> wrote:
>> The rest of Grimes Memo links to the DARTT (Data At Rest Tiger Team) -
>> which does not include Wave Sys. Therefore Wave Sys is legally barred
>> from Federal Government sales for the next 5 years.
>
> As the name (Data At Rest) suggests, the list only includes encryption
> providers. Whereas Wavesys is a TPM management suite. Which is a
> completely different beast. Barring Wavesys from Gov't sales would not
> make much sense, as it is the only viable enterprise grade TPM
> management suite.
>
> saqib
> http://www.linkedin.com/in/encryption
>
>
> ------------------------------
>
> Message: 5
> Date: Fri, 17 Aug 2007 08:09:19 -0700
> From: "Ali, Saqib" <[EMAIL PROTECTED]>
> Subject: [FDE] IT support accounts on FDE secured computers
> To: [email protected]
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> As it turns out, deploying FDE to users is not the most complex task -
> providing day-2-day IT support is.
>
> My cousin works for a medium sized financial institution which
> recently deployed FDE. Providing day-to-day IT support to the users is
> becoming a hassle. Every time the IT support person has to work on
> the laptop the owner must be present to enter their credentials into the
> pre-boot authentication.
>
> Can anyone give me some real-world examples of how other institutions
> have tackled this issue? How do they allow the IT support person
> to work on the laptop if the user is not present and the laptop is
> turned off?
>
> saqib
> http://www.linkedin.com/in/encryption
>
>
> ------------------------------
>
> _______________________________________________
> FDE mailing list
> [email protected]
> http://www.xml-dev.com/mailman/listinfo/fde
>
>
> End of FDE Digest, Vol 11, Issue 12
> ***********************************
>

_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
