[CentOS] Apache RPM's
Les Bell
lesbell at lesbell.com.au
Wed Feb 13 21:17:40 UTC 2008
"Ross S. W. Walker" <rwalker at medallion.com> wrote:
>>
I agree whole heartily. It would go a long way though if Redhat
provided independent certification of their products under these
compliance banners.
<<
RHEL 5 is Common Criteria certified against the Controlled Access
Protection Profile (CAPP), Labelled Security Protection Profile (LSPP) and
Role-Based Access Control Protection Profile (RBACPP) at EAL (Evaluation
Assurance Level) 4+ (i.e. all requirements of EAL4 and some of EAL5), when
running on certain hardware platforms (IBM). See
http://www.commoncriteriaportal.org/public/consumer/index.php?menu=5 for
the reports. That may be overkill for what you require, but if your system
is certified and accredited, it usually stops auditors in their tracks.
I agree with concerns about the inability of auditors to correctly
interpret requirements. The Y2K panic provided lots of examples; I recall
one junior auditor demanding that a network hub be replaced because it was
not "certified Y2K compliant".
Best,
--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909
More information about the CentOS
mailing list