[CentOS] Apache RPM's

[Ross S. W. Walker]

Les Bell wrote:
> 
> "Ross S. W. Walker" <rwalker at medallion.com> wrote:
> 
> >>
> I agree whole heartily. It would go a long way though if Redhat
> provided independent certification of their products under these
> compliance banners.
> <<
> 
> RHEL 5 is Common Criteria certified against the Controlled Access
> Protection Profile (CAPP), Labelled Security Protection 
> Profile (LSPP) and
> Role-Based Access Control Protection Profile (RBACPP) at EAL 
> (Evaluation
> Assurance Level) 4+ (i.e. all requirements of EAL4 and some 
> of EAL5), when
> running on certain hardware platforms (IBM). See
> http://www.commoncriteriaportal.org/public/consumer/index.php?
> menu=5 for
> the reports. That may be overkill for what you require, but 
> if your system
> is certified and accredited, it usually stops auditors in 
> their tracks.
> 
> I agree with concerns about the inability of auditors to correctly
> interpret requirements. The Y2K panic provided lots of 
> examples; I recall
> one junior auditor demanding that a network hub be replaced 
> because it was
> not "certified Y2K compliant".

Thanks Les, naw it isn't over kill here as a publically traded
company with a commerical bank in Utah we get tag teamed by both
the SEC and the FDIC.

I'll definitely keep that bookmarked in the compliance portal!

-Ross

______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.