Date: Mon, 13 Mar 2006 03:50:31 -0800 (PST)
From: Peter Thoenen <eol1@yahoo.com>
To: Jason M <talonz@gmail.com>, freebsd-security@freebsd.org
Subject: Re: DSD Approved Products
Message-ID: <20060313115031.4146.qmail@web51908.mail.yahoo.com>
In-Reply-To: <f325996d0603130203h5b14fd0drf4942c487208fe4e@mail.gmail.com>

> I am considering installing several `servers' in a facility that
> needs to conform with the products listed at: DSD Approved Products

You might want to contact your local government security wonk and ask him if there is an open source loophole. The US Department of Defense has a similar requirement that all Infosec / IA / crypto / blah blah items must be approved by CSLA or various CSLA-like agencies (forgot what established this .. been a while .. want to say some DOD / DISA / DODI / CJCSI reg). Lots of good tools are open source though, and the cost of getting certified is outrageous with limited actual returns to the software in question. To combat this, a loophole was created to exempt open source software. You might have the same in Australia.

> As far as I can see FreeBSD performs above and beyond, for all the
> required criteria in the act. Can we see FreeBSD listed as an approved
> product in the near future?

I know for CSLA and NIST the process runs in the US$40.000 plus range. You fork the money over and you just might see it. The problem isn't getting on the list / meeting the requirements. It's that the agency that puts out this list requires the entity seeking approval to pay for all associated costs to confirm your software / hardware does indeed meet all the requirements. This can get expensive quick .. especially if you do not pass the first time.