Date:      Mon, 13 Mar 2006 03:50:31 -0800 (PST)
From:      Peter Thoenen <eol1@yahoo.com>
To:        Jason M <talonz@gmail.com>, freebsd-security@freebsd.org
Subject:   Re: DSD Approved Products
Message-ID:  <20060313115031.4146.qmail@web51908.mail.yahoo.com>
In-Reply-To: <f325996d0603130203h5b14fd0drf4942c487208fe4e@mail.gmail.com>

> I am considering installing several `servers' in a facility that
> needs to conform with the products listed at: DSD Approved Products

You might want to contact your local government security wonk and ask
him if there is an open source loophole.  The US Department of Defense
has a similar requirement that all Infosec / IA / crypto / blah blah
items must be approved by CSLA or various CSLA-like agencies (forgot
what established this .. been a while .. want to say some DOD / DISA /
DODI / CJCSI reg).  Lots of good tools are open source though and the
cost of getting certified is outrageous with limited actual returns to
the software in question.  To combat this, a loophole was created to
exempt open source software.  You might have the same in Australia.

> As far as I can see freebsd performs above and beyond, for all the
> required criteria in the act. Can we see freebsd listed as an
> approved product in the near future?

I know for CSLA and NIST the process runs in the US$40.000 plus range.
You fork the money over and you just might see it.  The problem isn't
getting on the list / meeting the requirements.  It's that the agency
that puts out this list requires the entity seeking approval to pay for
all associated costs to confirm your software / hardware does indeed
meet all the requirements.  This can get expensive quick .. especially
if you do not pass the first time.



