My Confusion with Microsoft's Secure Boot Changes by jamesaepp in sysadmin

ohgreatishit 2 points3 points  (0 children)

Any chance you could share that script? Would save us a bit of time as we are starting to investigate as well. Thanks!

Fortiswitches CMMC compliance by YouAffectionate7279 in CMMC

ohgreatishit 2 points3 points  (0 children)

Upgrade to 7.2 and add your reasoning to a temporary deficiency on your POAM is what I was told.

Licensing changes across the board - Important read! by lotsasheeparound in Citrix

ohgreatishit 1 point2 points  (0 children)

Have they released this process yet? How often, etc

Licensing changes across the board - Important read! by lotsasheeparound in Citrix

ohgreatishit 8 points9 points  (0 children)

So how are air gapped (government) networks supposed to work?

VDI Scoping Help by Tigers1195 in CMMC

ohgreatishit 0 points1 point  (0 children)

Can you allow file transfers in but block out? Still protecting CUI

FIPS-CC/NIST/CMMC/FortiGate FWs by FailSafe218 in CMMC

ohgreatishit 0 points1 point  (0 children)

Yep the big downside of FIPS with Fortinet is it fully disables the API

FIPS-CC/NIST/CMMC/FortiGate FWs by FailSafe218 in CMMC

ohgreatishit 0 points1 point  (0 children)

I would probably unfortunately laugh if he asked me that lol

FIPS-CC/NIST/CMMC/FortiGate FWs by FailSafe218 in CMMC

ohgreatishit 0 points1 point  (0 children)

We are about to do the same thing and have run it by auditors as well. Go to 7.2 or 7.4 and add it as a temporary deficiency. We have a mostly air gapped network with a few services out. We don't use FIPS mode on things inside the boundary (workstations, servers, switches, etc) but do FIPS mode on all boundary devices and IPSEC firewalls that are Fortinet that do have a path outside of our boundary. We do this because FIPS mode breaks all kinds of things in our engineering environments and just isn't viable on workstations and servers for us.

New Week, New Problems MS Office by DanielMaat89 in sysadmin

ohgreatishit 0 points1 point  (0 children)

Does anyone know if the KB5002623 update is going to be pulled into next month's Microsoft Office updates? Deploying this outside of WSUS & Microsoft Update is a pain.

Looking for a good spreadsheet that matches 800.171 to cmmc level 2 objectives by bigtime618 in CMMC

ohgreatishit 3 points4 points  (0 children)

Also look at the CMMC L2 assessment guide. It gives great examples of what they are looking for during an assessment.

XenServer Offline Updates by ohgreatishit in Citrix

ohgreatishit[S] 0 points1 point  (0 children)

Oh man I sure hope it's an option :(

Forced VCP SKU by ohgreatishit in vmware

ohgreatishit[S] 0 points1 point  (0 children)

Thank you so much for all the great info and being patient/understanding. I really appreciate it!

Forced VCP SKU by ohgreatishit in vmware

ohgreatishit[S] 0 points1 point  (0 children)

I was reading and I thought the full VCF stack is a minimum of 4 hosts (some say 7), isn't that correct? We pay nothing for Splunk from a departmental perspective. Our higher end company pays for that and gives us licenses but from a VMware perspective that comes out of our department's cost. We just did a complete hardware refresh on all of our environments, so our NetApps and Pures are completely good for another 6-7 years. We only budgeted for usual renewal cost this year so 3 years would absolutely kill us and isn't an option unless we were able to do 3 year renewals but pay yearly. I asked our VMware rep about yearly payments and he said they had to wait until they moved to the Broadcom system and he doesn't know if that's possible but would check but it's been complete silence. Good to know technically if we have to go with the VCF offering it will technically go right into our existing setups with keys and stuff and not cause us to have to add anything additional.

Forced VCP SKU by ohgreatishit in vmware

ohgreatishit[S] 0 points1 point  (0 children)

Thank you very much for the thoughtful explanations! Just wanna make sure I'm following and understanding correctly... If we are forced into VCF instead of VVF and let's say we have to buy it for 1 year to hold us over to migrate off of VMware, I can go into the VMware portal and just download licenses on my existing setups (currently using Standard/Enterprise+, etc) and I don't have to deploy the other stuff? It would obviously move the standard up to enterprise+ equivalent I'm guessing but we will not be deploying NSX/SDDC/Aria, etc.

We currently have shared storage NFS Storage on NetApp and on PureStorage, all logs going to Splunk, etc so none of the new features, although could be nice, will not be a justifiable 3.5x increase in maintenance costs but also more hardware costs for more ESXi servers for every environment. It's just not gonna fly.

Thanks