[EMAIL PROTECTED] wrote:
>Hi,
>
>Is there a draft version of the Security Policy that
>is downloadable from somewhere? I have spent a while
>looking but I haven't been able to find it.
>
>Thanks,
>
>Jonathon.
There is a draft Security Policy, which will be released
as part of the source distribution. However, I have not
yet released it publicly because 1) it is written in the
present tense, as if the FIPS 140 validation were already
awarded, 2) it makes a number of very specific claims
and assertions that have not yet received final review
and approval by the CMVP lab and NIST, and 3) we are still
actively making revisions in response to the ongoing CMVP
test lab review.
NIST frowns on premature or inaccurate claims of validation.
This validation and this Security Policy will be the first
of a kind and we want to be sure we have it exactly right.
A number of interested parties have been invited to review
this document, on a non-disclosure basis, and we have
received some very good feedback. If you are interested in
reviewing an advance copy for such review please contact John
Weathersby of the Open Source Software Institute,
[EMAIL PROTECTED]
-Steve M.
Steve Marquess
DMLSS Technical Manager
JMLFDC, 623 Porter Street, Ft. Detrick, MD 21702
DSN 343-3933, COM 301-619-3933, FAX 301-619-7831
[EMAIL PROTECTED]
