Re: DSD Approved Products



> I am considering installing several `servers' in a facility that
> needs to conform with the products listed at: DSD Approved Products

You might want to contact your local government security wonk and ask
him if there is an open source loophole. The US Department of Defense
has a similar requirement that all Infosec / IA / crypto / blah blah
items must be approved by CSLA or various CSLA-like agencies (forgot
what established this .. been a while .. want to say some DOD / DISA /
DODI / CJCSI reg). Lots of good tools are open source though and the
cost of getting certified is outrageous with limited actual returns to
the software in question. To combat this, a loophole was created to
exempt open source software. You might have the same in Australia.

> As far as I can see FreeBSD performs above and beyond, for all the
> required criteria in the act. Can we see FreeBSD listed as an
> approved product in the near future?

I know for CSLA and NIST the process runs in the US$40.000 plus range.
You fork the money over and you just might see it. The problem isn't
getting on the list / meeting the requirements. It's that the agency
that puts out this list requires the entity seeking approval to pay for
all associated costs to confirm your software / hardware does indeed
meet all the requirements. This can get expensive quick .. especially
if you do not pass the first time.

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"


