Port Request: OpenSCAP

Shawn Webb shawn.webb at hardenedbsd.org
Tue Mar 26 17:50:35 UTC 2019 

I'm not really a compliance guru, so I can't say whether HardenedBSD
comes closer to <insert compliance spec here>. I have looked into
Common Criteria/NIAP briefly for US Federal Government deployments in
certain high-security enclaves. HardenedBSD does come closer with
CC/NIAP, though there are still gaps to fill.

Have you looked at OPNsense? It's a fork of pfSense built on top of
HardenedBSD.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera at is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

On Tue, Mar 26, 2019 at 05:42:43PM +0000, Paul Pathiakis wrote:
>   Sorry for the top-post.
> Shawn,
> It seems that NIST, FIPS 140-2, and things along those lines are quickly becoming a complete reality for all people dealing with the US Gov't no matter what the size company.
> So, encryption modules must be FIPs approved for compliance and NIST 800-171 is the other compliance that is needed.
> 
> I've been tasked with creating an entire, new infrastructure that meets/complies with those specs.?? So, I dug in a little bit and found SCAP which lead to OpenSCAP.?? So, I get to put the whole thing behind pfSense firewalls and show that everything I'm running is compliant with both standards.
> 
> 
> Does HardenedBSD meet the requirements? :D?? (crosses fingers)
> Paul
>  
> 
> On Tuesday, March 26, 2019, 1:06:25 PM EDT, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:  
>  
>  On Tue, Mar 26, 2019 at 05:02:48PM +0000, Paul Pathiakis via freebsd-ports wrote:
> > https://www.open-scap.org/
> > 
> > Hi all,
> > 
> > It's the US NIST scanner for operating system compliance.
> > 
> > I'd like to use FreeBSD and FreeNAS in various places but it has to pass compliance.
> 
> I just asked my coworkers about it. They created OpenSCAP. :)
> 
> What compliance requirements are you looking to pass?
> 
> Thanks,
> 
> -- 
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
> 
> Tor-ified Signal:?? ?? +1 443-546-8752
> Tor+XMPP+OTR:?? ?? ?? ?? lattera at is.a.hacker.sx
> GPG Key ID:?? ?? ?? ?? ?? 0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89?? 3D9E 6A84 658F 5245 6EEE  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20190326/20a2066c/attachment.sig>

More information about the freebsd-ports mailing list