[CentOS] CENTOS not DoD approved

Tue Apr 28 22:43:38 UTC 2015
Jason Pyeron <jpyeron at pdinc.us>

> -----Original Message-----
> From: Johnny Hughes
> Sent: Tuesday, April 28, 2015 18:10
> 
> On 04/28/2015 02:30 PM, John R Pierce wrote:
> > On 4/28/2015 9:49 AM, bobby Orellano wrote:
> >> nowhere does it say that centos is approved for use in 
> DoD. it is not on
> >> the APL, only RedHat and SuSE
> > 
> > 
> > DoD approval requires spending lots of money jumping 
> through arbitrary
> > hoops.   Do you wish to pay for this?
> > 
> > skimming the requirements, it also requires extensive 
> documentation of
> > said 'Product'.   Do you wish to write this?
> 

I have. (well not EAL4, but I have ATOs with Centos 6)

> CentOS is not approved for DOD use.  In fact, CentOS is not 
> now, nor has
> it ever been *certified* for anything.  Certifications 
> require people to
> PAY to certify a product.
> 
> Specifically, EAL4 Certification, a requirement for the DOD, 
> costs up to
> 2.5 million dollars .. see this link:
> 
> http://en.wikipedia.org/wiki/Evaluation_Assurance_Level#Impact_on_cost_and_schedule

To clarify, you do not need to be EAL4 Certified to be used at DoD, you need approval from your DAA (http://en.wikipedia.org/wiki/Designated_Approving_Authority). And your systems will need an ATO (https://ia.signal.army.mil/docs/DIACAPdefinitions.pdf).

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.