[Secure-testing-team] Debian CCEVS validation
Thijs Kinkhorst
thijs at debian.org
Mon Jun 22 08:22:29 UTC 2009
Hi Kevin,
On Fri, June 19, 2009 17:32, Michael S. Gilbert wrote:
> On Thu, 18 Jun 2009 14:33:13 -0700, Crain, Kevin wrote:
>
>> Dear Sirs:
>>
>>
>> I was wondering if there has been any effort to have Debian validated
>> on the CCEVS validated products list
>> (http://www.niap-ccevs.org/cc-scheme/vpl/). Without a CCEVS
>> certification, Debian cannot be used on a certified network as a public
>> facing server in the DoD. Currently there is not a non-commercially
>> supported Linux distro on that list, but it sure would be nice to have
>> Debian on there.
> What does the certification process entail? Are there costs involved?
> As an all-volunteer organization, Debian does not have much money to
> spend. It seems that it would probably be better for interested parties
> within DoD will to push for this, rather than volunteers from Debian.
According to this web page:
http://www.niap-ccevs.org/cc-scheme/getting-product-evaluated.cfm
a product can be evaluated when a sponsor is able and willing to take a
product through this process. This means that an organisation that wants
to use Debian and needs this certification can pull Debian through the
process. If there are costs involved I believe the sponsor will need to
supply them.
That means that if your organisation wants to use Debian, perhaps you can
get them to certify it. Of course Debian itself is willing to supply
needed documentation or explanations, but the initiative would normally
not come from us.
cheers,
Thijs
More information about the Secure-testing-team
mailing list