Subject: Re: NetBSD US Government Certified?
To: None <email@example.com>
From: Andy Wallis <firstname.lastname@example.org>
Date: 08/05/2003 12:32:44
> Does NetBSD have a US Government security certification like Linux and
> Windows have?
As far as I know, no company has submitted NetBSD for a Common Critera review.
In my experience, most companies that look at Operating Systems based
on that information rarely take the steps required to make the machine conform
to the system and configuration that was used in the review. My favorite was a
friend of mine who purchased Windows 2000 machines because it got an C2 rating.
When I asked if he has run the C2setup program to lock the machine down, he was
suprised because he had never heard that the ratings were based on a certain
software and hardware configuration.
In all fairness, submitting an OS or application for CC review is not for the
faint of heart. After taking the months to years for review, any changes made
to the system must have said system reviewed again. CC is only meant for a
static system that would be in place until the machine or OS is decomsioned.
I doubt that Wasabi Systems or a group of users would or ever could submit a
version of NetBSD for review. The review is costly, time consuming, and is only
useful if you want to bid or be used on US government contracts that require
a certain level of CC conformity.