DSD Approved Products
Peter Thoenen
eol1 at yahoo.com
Mon Mar 13 11:50:38 UTC 2006
> I am considering installing several `servers' in a facility that
> needs to conform with the products listed at: DSD Approved Products
You might want to contact your local government security wonk and ask
him if there is an open source loophole. The US Department of Defense
has a similar requirement that all Infosec / IA / crypto / blah blah
items must be approved by CSLA or various CSLA-like agencies (forgot
what established this .. been a while .. want to say some DOD / DISA /
DODI / CJCSI reg). Lots of good tools are open source though and the
cost of getting certified is outrageous with limited actual returns to
the software in question. To combat this, a loophole was created to
exempt open source software. You might have the same in Australia.
> As far as i can see freebsd performs above and beyond, for all the
> required criteria in the act. Can we see freebsd listed as an
> approved product in the near future?
I know for CSLA and NIST the process runs in the US$40.000 plus range.
You fork the money over and you just might see it. The problem isn't
getting on the list / meeting the requirements. It's that the agency
that puts out this list requires the entity seeking approval to pay for
all associated costs to confirm your software / hardware does indeed
meet all the requirements. This can get expensive quick .. especially
if you do not pass the first time.
More information about the freebsd-security
mailing list