Friday, January 30, 2015

Government Certification and Accreditation Made Easy

This week I want to highlight resources that will help you with government certifications and accreditations. There is a great resource page that covers everything, but I wanted to list the middleware-specific ones below. These will help you comply with a variety of government requirements. You can find the government standards page here.

Common Criteria Certification (CCC):
JBoss EAP 5 is EAL4+ certified. You can find the configuration guide here.

JBoss EAP 6.2 is being evaluated for EAL4+ certification. You can find more about the certification process here.

There are some tools that help with compliance:
OpenSCAP is a tool for running Security Content Automation Protocol (SCAP) content. The project is the upstream for the openscap tool that ships in Red Hat Enterprise Linux.

The SCAP Workbench provides a simpler interface for creating and editing SCAP content.

The baseline compliance content in SCAP formats is located on GitHub: https://github.com/OpenSCAP/scap-security-guide

Communities that help:
The Red Hat-sponsored gov-sec community is a moderated mailing list for US government security professionals.

Military Open Source Working Group (Mil-OSS) is a community of open source enthusiasts in the DOD. It is not affiliated with Red Hat in any way, but many Red Hat folks are active members. If you are interested in any of the information on this page, there's a good chance you'll enjoy this group. You can find more information on the Mil-OSS website.