Mac laptops present encryption challenge

Like many agencies, the National Institutes of Health owns some Apple Mac laptops in addition to those that run the Microsoft Windows and Linux operating systems. The problem is that the National Institute of Standards and Technology has not yet approved an encryption solution for the Macs as it has for the other two platforms.

As a result, NIH restricted the use of sensitive data on its Mac laptops while its vendor, Check Point, modified its PointSec encryption for the Macs, said John "Jack" Jones, chief information officer at NIH and acting director of its Center for IT. NIH is awaiting NIST's approval of the modified software, he said. NIST evaluates encryption products on a first-come, first-served basis.

The Office of Management and Budget is aware of this gap as agencies try to meet the federal encryption mandate.

"Agencies should consider the potential risk associated with the placement of sensitive information on those laptops against their business needs and ensure there are proper compensating controls in place to protect the information accordingly," said Karen Evans, administrator of e-government and information technology at OMB.

That's the approach NIH officials are taking with their Macs.

"We've been saying as soon as we get ours tested, we probably ought to take the risk that it will be approved and keep track of what we put where," Jones said. "A laptop with encryption that has a flaw in it is safer on average than a laptop with no encryption."

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Shutterstock image (by wk1003mike): cloud system fracture.

    Does the IRS have a cloud strategy?

    Congress and watchdog agencies have dinged the IRS for lacking an enterprise cloud strategy seven years after it became the official policy of the U.S. government.

  • Shutterstock image: illuminated connections between devices.

    Who won what in EIS

    The General Services Administration posted detailed data on how the $50 billion Enterprise Infrastructure Solutions contract might be divvied up.

  • Wikimedia Image: U.S. Cyber Command logo.

    Trump elevates CyberCom to combatant command status

    The White House announced a long-planned move to elevate Cyber Command to the status of a full combatant command.

  • Photo credit: John Roman Images / Shutterstock.com

    Verizon plans FirstNet rival

    Verizon says it will carve a dedicated network out of its extensive national 4G LTE network for first responders, in competition with FirstNet.

  • AI concept art

    Can AI tools replace feds?

    The Heritage Foundation is recommending that hundreds of thousands of federal jobs be replaced by automation as part of a larger government reorganization strategy.

  • DOD Common Access Cards

    DOD pushes toward CAC replacement

    Defense officials hope the Common Access Card's days are numbered as they continue to test new identity management solutions.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group