Les Bell wrote:
>
> "Ross S. W. Walker" <rwalker@xxxxxxxxxxxxx> wrote:
>
> >>
> I agree wholeheartedly. It would go a long way though if Red Hat
> provided independent certification of their products under these
> compliance banners.
> <<
>
> RHEL 5 is Common Criteria certified against the Controlled Access
> Protection Profile (CAPP), Labelled Security Protection Profile (LSPP)
> and Role-Based Access Control Protection Profile (RBACPP) at EAL
> (Evaluation Assurance Level) 4+ (i.e. all requirements of EAL4 and some
> of EAL5), when running on certain hardware platforms (IBM). See
> http://www.commoncriteriaportal.org/public/consumer/index.php?menu=5
> for the reports. That may be overkill for what you require, but if your
> system is certified and accredited, it usually stops auditors in their
> tracks.
>
> I agree with concerns about the inability of auditors to correctly
> interpret requirements. The Y2K panic provided lots of examples; I
> recall one junior auditor demanding that a network hub be replaced
> because it was not "certified Y2K compliant".

Thanks Les, naw, it isn't overkill here, as a publicly traded company
with a commercial bank in Utah we get tag teamed by both the SEC and the
FDIC.

I'll definitely keep that bookmarked in the compliance portal!

-Ross