ITAR Compliance

Attention reader – These are notes that will eventually be turned into a general-purpose document at a later date.

ISU EAR/ITAR policy definition: http://policy.iastate.edu/policy/export

Topics:

ITAR –

  • encrypted hard drives
  • anti-virus mandate.
  • data loss prevention
  • Data controls (restrict USB ports, CD/DVD ROMS, locked PC case)
  • 2 factor authentication.
  • no local admins
  • intrusion detection system (IDS)
  • private network – would a GW for the Zion cluster be allowed?
  • no NetBIOS name broadcasts
  • USER TRAINING, verbal and in writing.
  • no auto-mounting
  • Two-factor authentication:
    • Something the user knows (e.g., password, PIN, pattern);
    • Something the user has (e.g., ATM card, smart card, mobile phone); and
    • Something the user is (e.g., biometric characteristic, such as a fingerprint).

Questions:

  • Use file system or block level encryption?
  • What multi-factor authentication solutions work best?
  • Does ISU maintain US National status in AD or other group?
  • Does ISU provide group policies to harden MS directory clients? What policies should be set in such a policy? (no auto-mount, mandate AV, etc.)

Linux storage encryption

File system level

https://launchpad.net/ecryptfs

http://www.arg0.net/encfs

Block level

http://sourceforge.net/projects/loop-aes/

http://www.truecrypt.org/

http://code.google.com/p/cryptsetup/
