Re: DSD Approved Products



> I am considering installing several `servers' in a facility that
> needs to conform with the products listed at: DSD Approved Products

You might want to contact your local government security wonk and ask
him if there is an open source loophole. The US Department of Defense
has a similar requirement that all Infosec / IA / crypto / blah blah
items must be approved by CSLA or various CSLA-like agencies (forgot
what established this .. been a while .. want to say some DOD / DISA /
DODI / CJCSI reg). Lots of good tools are open source though and the
cost of getting certified is outrageous with limited actual returns to
the software in question. To combat this, a loophole was created to
exempt open source software. You might have the same in Australia.

> As far as I can see FreeBSD performs above and beyond, for all the
> required criteria in the act. Can we see FreeBSD listed as an
> approved product in the near future?

I know for CSLA and NIST the process runs in the US$40.000 plus range.
You fork the money over and you just might see it. The problem isn't
getting on the list / meeting the requirements. It's that the agency
that puts out this list requires the entity seeking approval to pay for
all associated costs to confirm your software / hardware does indeed
meet all the requirements. This can get expensive quick .. especially
if you do not pass the first time.
