Les Bell wrote:
>
> "Ross S. W. Walker" <rwalker@xxxxxxxxxxxxx> wrote:
>
> >>
> I agree whole heartily. It would go a long way though if Redhat
> provided independent certification of their products under these
> compliance banners.
> <<
>
> RHEL 5 is Common Criteria certified against the Controlled Access
> Protection Profile (CAPP), Labelled Security Protection
> Profile (LSPP) and
> Role-Based Access Control Protection Profile (RBACPP) at EAL
> (Evaluation
> Assurance Level) 4+ (i.e. all requirements of EAL4 and some
> of EAL5), when
> running on certain hardware platforms (IBM). See
> http://www.commoncriteriaportal.org/public/consumer/index.php?
> menu=5 for
> the reports. That may be overkill for what you require, but
> if your system
> is certified and accredited, it usually stops auditors in
> their tracks.
>
> I agree with concerns about the inability of auditors to correctly
> interpret requirements. The Y2K panic provided lots of
> examples; I recall
> one junior auditor demanding that a network hub be replaced
> because it was
> not "certified Y2K compliant".
Thanks Les, naw it isn't over kill here as a publically traded
company with a commerical bank in Utah we get tag teamed by both
the SEC and the FDIC.
I'll definitely keep that bookmarked in the compliance portal!
-Ross
______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
