RE: Apache RPM's




"Ross S. W. Walker" <rwalker@xxxxxxxxxxxxx> wrote:

>>
I agree wholeheartedly. It would go a long way though if Red Hat
provided independent certification of their products under these
compliance banners.
<<

RHEL 5 is Common Criteria certified against the Controlled Access
Protection Profile (CAPP), Labelled Security Protection Profile (LSPP) and
Role-Based Access Control Protection Profile (RBACPP) at EAL (Evaluation
Assurance Level) 4+ (i.e. all requirements of EAL4 and some of EAL5), when
running on certain hardware platforms (IBM). See
http://www.commoncriteriaportal.org/public/consumer/index.php?menu=5 for
the reports. That may be overkill for what you require, but if your system
is certified and accredited, it usually stops auditors in their tracks.

I agree with concerns about the inability of auditors to correctly
interpret requirements. The Y2K panic provided lots of examples; I recall
one junior auditor demanding that a network hub be replaced because it was
not "certified Y2K compliant".

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909

