Re: DSD Approved Products
> I am considering installing several `servers' in a facility that
> needs to conform with the products listed at: DSD Approved Products
You might want to contact your local government security wonk and ask
him if there is a open source loop hole. The US Department of Defense
has a similar requirement that all Infosec / IA / crypto / blah blah
items must be approved by CSLA or various CSLA like agencies (forgot
what established this .. been awhile .. want to say some DOD /DISA /
DODI / CJCSI reg). Lots of good tools are open source though and the
cost of getting certified is outrageous with limited actual returns to
the software in question. To combat this, a loophole was created to
exempt open source software. You might have the same in Australia.
> As far as i can see freebsd performs above and beyond, for all the
> required criteria in the act. Can we see freebsd listed as an
approved > product in the near future?
I know for CSLA and NIST the process runs in the US$40.000 plus range.
You fork the money over and you just might see it. The problem isn't
getting on the list / meeting the requirements. Its that the agency
that puts out this list requires the entity seeking approval to pay for
all associated costs to confirm your software / hardware does indeed
meet all the requirements. This can get expensive quick .. especially
if you do not pass the first time.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 2 之 11 篇):