Actually, Mark, you've kind of nailed it on the head for me. I would like to be able to know that the system is the way it's *supposed* to be instead of just kind of doing my best and hoping that something didn't break.
I was hoping that the validated modules area would have an XML file or something that could be downloaded and processed :-|. Anyway, it seems like it would be an appropriate addition to the SCAP scans since there is already the requirement to be enabled being checked for various profiles. I was just hoping that someone had magically created it. Thanks, Trevor On Mon, Oct 29, 2018 at 3:59 PM Mark Thacker <[email protected]> wrote: > We've definitely talked about this and there isn't a clear programmatic > means to achieve this. > Of course, we do log which specific version of the libraries that we build > and test against in our certification report. So, those could be used to > compare a running system against the certification report. > > Yes, I also understand that sometimes the desire is to be able to show > that CentOS or Fedora is NOT FIPS certified verses RHEL. Of course, that > assumes that the RHEL you are running on IS actually certified. > > On Mon, Oct 29, 2018 at 3:39 PM Gabe Alford <[email protected]> wrote: > >> Outside of going to >> https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search >> and clicking `search` with empty search parameters, don't know of >> anything. >> >> On Mon, Oct 29, 2018 at 1:33 PM Trevor Vaughan <[email protected]> >> wrote: >> >>> Hi All, >>> >>> Does anyone know of a project that can correlate the running operating >>> system with the latest information on the FIPS 140 approved products list. >>> >>> Basically, I'm looking for a command where I can run something like >>> `fipscertified` and get back a `0` or `1` based on the result of the >>> latest/updated data. >>> >>> Bonus points, I'd love to be able to point it at apps and have it tell >>> me, but that's a long shot given the statically compiled wonderland we all >>> seem to be living in these days. >>> >>> Thanks, >>> >>> Trevor >>> >>> -- >>> Trevor Vaughan >>> Vice President, Onyx Point, Inc >>> (410) 541-6699 x788 >>> >>> -- This account not approved for unencrypted proprietary information -- >>> _______________________________________________ >>> scap-security-guide mailing list -- >>> [email protected] >>> To unsubscribe send an email to >>> [email protected] >>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>> List Archives: >>> https://lists.fedorahosted.org/archives/list/[email protected] >>> >> _______________________________________________ >> scap-security-guide mailing list -- >> [email protected] >> To unsubscribe send an email to >> [email protected] >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> > > > -- > Mark Thacker > Principal Technical Product Manager, Security, Red Hat Enterprise Linux > Email: [email protected] > IRC / Freenode : mthacker > Mobile: +1-214-636-7004 > > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788 -- This account not approved for unencrypted proprietary information --
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
