On Fri, May 8, 2015 at 8:05 PM, Marc <m...@marcd.org> wrote: > Hi Jeff, I'm not where I can get it for you right now but the State > Department has that guidance. Check their web site. Our folks have to check > in with them on out of country travel. I can go into a little more depth > off list about temp devices and accounts and other stuff. ..some is fouo and > up but some I can share. > Yeah, for non-diplomats, this seems to be a problem.
Full disk encryption with trusted execution environments will help with malware that attempts to burrow in. But it won't help with the Chinese government because it has legal access to everything (http://www.nytimes.com/2015/01/29/technology/in-china-new-cybersecurity-rules-perturb-western-tech-companies.html). And I can't see a way to give someone access to their email because the Chinese government has legal access to it. I think its very risky to allow outsiders, like the Chinese government, to access an Inbox with 5 or 10 years or archives. There's just no way to protect company secrets and intellectual property. Jeff > -------- Original message -------- > From: Jeffrey Walton > Date:05/08/2015 19:01 (GMT-05:00) > To: FunSec List > Subject: [funsec] IT Sec Policies on travel from US to China? > > I've tried Googling, but I'm turning up spurious noise... Is anyone > aware of some sample IT security policies and procedures for > travelling from US to China? > > Does the DoD offer something STIG-like for guidance? > > I'm especially interested in temporary laptops and temporary phones; > how to handle the device radios (like 802.11 and NFC); temporary > credentials for VPN; and how to handle email. Email is confounding > because its so damn insecure at so many levels. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
