Just came across that about 4 mos ago. :) Seemed like the next generation of
tighter security for pfSense.
So, HardenedBSD is fork of FreeBSD that is pushing in more defense
(passive/active) into all the FreeBSD derivatives? Very cool. Nicer to have
something that only has 20 or so CVEs every year versus 200 or more. ;)
I just followed a large number of links and found G2 as well. Nice!
OpenSCAP, if it could at least give me some sense and peace of mind that I can
run it, get a result on paper and show the 'certifiers' that we have complied,
I'd be very happy.
Thank you for responding so quickly!
P
On Tuesday, March 26, 2019, 1:50:34 PM EDT, Shawn Webb
<[email protected]> wrote:
I'm not really a compliance guru, so I can't say whether HardenedBSD
comes closer to <insert compliance spec here>. I have looked into
Common Criteria/NIAP briefly for US Federal Government deployments in
certain high-security enclaves. HardenedBSD does come closer with
CC/NIAP, though there are still gaps to fill.
Have you looked at OPNsense? It's a fork of pfSense built on top of
HardenedBSD.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: [email protected]
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
On Tue, Mar 26, 2019 at 05:42:43PM +0000, Paul Pathiakis wrote:
> Sorry for the top-post.
> Shawn,
> It seems that NIST, FIPS 140-2, and things along those lines are quickly
> becoming a complete reality for all people dealing with the US Gov't no
> matter what the size company.
> So, encryption modules must be FIPs approved for compliance and NIST 800-171
> is the other compliance that is needed.
>
> I've been tasked with creating an entire, new infrastructure that
> meets/complies with those specs.?? So, I dug in a little bit and found SCAP
> which lead to OpenSCAP.?? So, I get to put the whole thing behind pfSense
> firewalls and show that everything I'm running is compliant with both
> standards.
>
>
> Does HardenedBSD meet the requirements? :D?? (crosses fingers)
> Paul
>
>
> On Tuesday, March 26, 2019, 1:06:25 PM EDT, Shawn Webb
> <[email protected]> wrote:
>
> On Tue, Mar 26, 2019 at 05:02:48PM +0000, Paul Pathiakis via freebsd-ports
>wrote:
> > https://www.open-scap.org/
> >
> > Hi all,
> >
> > It's the US NIST scanner for operating system compliance.
> >
> > I'd like to use FreeBSD and FreeNAS in various places but it has to pass
> > compliance.
>
> I just asked my coworkers about it. They created OpenSCAP. :)
>
> What compliance requirements are you looking to pass?
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> Tor-ified Signal:?? ?? +1 443-546-8752
> Tor+XMPP+OTR:?? ?? ?? ?? [email protected]
> GPG Key ID:?? ?? ?? ?? ?? 0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89?? 3D9E 6A84 658F 5245 6EEE
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[email protected]"
