[OpenAFS] govenen laptop encryption requiements

Gary Buhrmaster gtb@slac.stanford.edu
Mon, 19 Feb 2007 11:26:10 -0800

ted creedon wrote:
> Have openafs users been affected by
> http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf ?

Anyone who is a "Fed" (or a Fed contractor) has had to deal
with that memo, and address the issues (quite some time
ago, actually).  Primarily, the point is to insure there is
not another VA incident (loss of PII).  If your agency has
to deal with this, there are a number of interesting
interpretations available via your favorite beltway bandit
regarding the actual steps needed to fully comply(*).  I do
not recall that OpenAFS had any special advantages or
disadvantages in addressing the compliance issues for this
memorandum, but your agency compliance officers may have a
different point of view, and are the officials to ask for
definitive answers.


(*) For those that are not conversant in Fed-speak (and
     for those who try to avoid it), Fed memos do not
     always say what you think they say.  Common English
     interpretations of the words written do not always
     result in the correct (in Fed-speak) interpretations.
     You often need one of the consultant firms to
     provide the guidance as to how they will actually
     be interpreted and measured against.