Date: Mon, 13 Mar 2006 03:50:31 -0800 (PST)
From: Peter Thoenen <eol1@yahoo.com>
To: Jason M <talonz@gmail.com>, freebsd-security@freebsd.org
Subject: Re: DSD Approved Products
Message-ID: <20060313115031.4146.qmail@web51908.mail.yahoo.com>
In-Reply-To: <f325996d0603130203h5b14fd0drf4942c487208fe4e@mail.gmail.com>

> I am considering installing several `servers' in a facility that
> needs to conform with the products listed at: DSD Approved Products

You might want to contact your local government security wonk and ask him if there is an open source loophole. The US Department of Defense has a similar requirement that all Infosec / IA / crypto / blah blah items must be approved by CSLA or various CSLA like agencies (forgot what established this .. been awhile .. want to say some DOD / DISA / DODI / CJCSI reg). Lots of good tools are open source though and the cost of getting certified is outrageous with limited actual returns to the software in question. To combat this, a loophole was created to exempt open source software. You might have the same in Australia.

> As far as I can see freebsd performs above and beyond, for all the
> required criteria in the act. Can we see freebsd listed as an approved
> product in the near future?

I know for CSLA and NIST the process runs in the US$40.000 plus range. You fork the money over and you just might see it. The problem isn't getting on the list / meeting the requirements. It's that the agency that puts out this list requires the entity seeking approval to pay for all associated costs to confirm your software / hardware does indeed meet all the requirements. This can get expensive quick .. especially if you do not pass the first time.
