[Info-vax] Two-Factor Authentication

Bill Gunshannon bill.gunshannon at gmail.com
Tue Oct 22 20:14:17 EDT 2019


On 10/22/19 7:22 PM, Scott Dorsey wrote:
> =?UTF-8?Q?Arne_Vajh=c3=b8j?=  <arne at vajhoej.dk> wrote:
>> On 10/22/2019 2:01 PM, VAXman- at SendSpamHere.ORG wrote:
>>> Is anyone here using a two-factor authentication scheme with OpenVMS?
>>
>> VMS login over TCP/IP?
> 
>     -- Big market for this.  Lots of contracts for systems require it these
>        days.   You can't expect to sell to the government without it.

Defense Information Systems Agency (DISA), the DOD IT watchdog stopped
even looking at VMS systems back in 2009 when I was there and offered
to help update the, already ancient, Security Readiness Review (SRR)
and Security Technical Implementation Guide (STIG) for VMS.

> 
>> VMS login console?
> 
>     -- Would be nice but not all that critical since VMS systems are usually
>        in places with good physical security.  In the New x86 era, they are
>        likely to be virtual systems and the virtual host can be trusted with
>        some amount of authentication.  So not as big a deal, and harder to do.

2FA is required even on computer systems inside SCIFs.  Big doors
do not eliminate the requirement.

bill




More information about the Info-vax mailing list