Hi,

I am considering installing several `servers' in a facility that needs to conform with the products listed at: DSD Approved Products
http://www.dsd.gov.au/infosec/evaluation_services/epl/dap.html

As far as I can see FreeBSD performs above and beyond, for all the required criteria in the act. Can we see FreeBSD listed as an approved product in the near future?

Best Regards,

Jason - RF & CO

> I am considering installing several `servers' in a facility that
> needs to conform with the products listed at: DSD Approved Products

You might want to contact your local government security wonk and ask him if there is an open source loophole. The US Department of Defense has a similar requirement that all Infosec / IA / crypto / blah blah items must be approved by CSLA or various CSLA-like agencies (forgot what established this .. been a while .. want to say some DOD / DISA / DODI / CJCSI reg). Lots of good tools are open source though, and the cost of getting certified is outrageous with limited actual returns to the software in question. To combat this, a loophole was created to exempt open source software. You might have the same in Australia.

> As far as I can see FreeBSD performs above and beyond, for all the
> required criteria in the act. Can we see FreeBSD listed as an approved
> product in the near future?

I know for CSLA and NIST the process runs in the US$40.000 plus range. You fork the money over and you just might see it. The problem isn't getting on the list / meeting the requirements. It's that the agency that puts out this list requires the entity seeking approval to pay for all associated costs to confirm your software / hardware does indeed meet all the requirements. This can get expensive quick .. especially if you do not pass the first time.

"Jason M" <talonz@gmail.com> writes:

> I am considering installing several `servers' in a facility that
> needs to conform with the products listed at: DSD Approved Products
> http://www.dsd.gov.au/infosec/evaluation_services/epl/dap.html
>
> As far as I can see FreeBSD performs above and beyond, for all the
> required criteria in the act. Can we see FreeBSD listed as an
> approved product in the near future?

Unfortunately, getting on that list costs a lot of money, and you have to start over with every new release.

DES
--
Dag-Erling Smørgrav - des@des.no

Hi Peter,

On Mon, Mar 13, 2006 at 03:50:31AM -0800, Peter Thoenen wrote:

> To combat this, a loophole was created to
> exempt open source software.

Could you please explain what you mean by loophole in that context?

TIA

Thorsten
--
/* Thorsten Steentjes, Hoeilaartsesteenweg 250, 3090 Overijse, Belgium */
/* Please remember: rm -rf means "read mail -really fast" */

Jason M wrote:

>Hi,
>
>I am considering installing several `servers' in a facility that needs
>to conform
>with the products listed at: DSD Approved Products
>http://www.dsd.gov.au/infosec/evaluation_services/epl/dap.html

I like the motto.. no beating around the bush.. "reveal their secrets.. protect our own"

>As far as I can see FreeBSD performs above and beyond, for all the required
>criteria in the act. Can we see FreeBSD listed as an approved product in the
>near future?
>
>Best Regards,
>
>Jason - RF & CO

On 3/13/06, Jason M <talonz@gmail.com> wrote:

> I am considering installing several `servers' in a facility that needs
> to conform
> with the products listed at: DSD Approved Products

Thank you List for your input.

I am investigating several loopholes that currently exist for the use of free source.

40/50k is a lot of money just to get a listing heh (places a few choice words about acquiring Australian standards here)

Regards,

Jason - RF & CO