We do have an installed_OS_is_certified check to handle verification that an OS is vendor supported, and to some degree, is a FIPS certified system.
On Mon, Oct 29, 2018 at 2:53 PM Trevor Vaughan <[email protected]> wrote: > Actually, Mark, you've kind of nailed it on the head for me. > > I would like to be able to know that the system is the way it's *supposed* > to be instead of just kind of doing my best and hoping that something > didn't break. > > I was hoping that the validated modules area would have an XML file or > something that could be downloaded and processed :-|. > > Anyway, it seems like it would be an appropriate addition to the SCAP > scans since there is already the requirement to be enabled being checked > for various profiles. I was just hoping that someone had magically created > it. > > Thanks, > > Trevor > > On Mon, Oct 29, 2018 at 3:59 PM Mark Thacker <[email protected]> wrote: > >> We've definitely talked about this and there isn't a clear programmatic >> means to achieve this. >> Of course, we do log which specific version of the libraries that we >> build and test against in our certification report. So, those could be used >> to compare a running system against the certification report. >> >> Yes, I also understand that sometimes the desire is to be able to show >> that CentOS or Fedora is NOT FIPS certified verses RHEL. Of course, that >> assumes that the RHEL you are running on IS actually certified. >> >> On Mon, Oct 29, 2018 at 3:39 PM Gabe Alford <[email protected]> >> wrote: >> >>> Outside of going to >>> https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search >>> and clicking `search` with empty search parameters, don't know of >>> anything. >>> >>> On Mon, Oct 29, 2018 at 1:33 PM Trevor Vaughan <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> >>>> Does anyone know of a project that can correlate the running operating >>>> system with the latest information on the FIPS 140 approved products list. >>>> >>>> Basically, I'm looking for a command where I can run something like >>>> `fipscertified` and get back a `0` or `1` based on the result of the >>>> latest/updated data. >>>> >>>> Bonus points, I'd love to be able to point it at apps and have it tell >>>> me, but that's a long shot given the statically compiled wonderland we all >>>> seem to be living in these days. >>>> >>>> Thanks, >>>> >>>> Trevor >>>> >>>> -- >>>> Trevor Vaughan >>>> Vice President, Onyx Point, Inc >>>> (410) 541-6699 x788 >>>> >>>> -- This account not approved for unencrypted proprietary information -- >>>> _______________________________________________ >>>> scap-security-guide mailing list -- >>>> [email protected] >>>> To unsubscribe send an email to >>>> [email protected] >>>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>>> List Archives: >>>> https://lists.fedorahosted.org/archives/list/[email protected] >>>> >>> _______________________________________________ >>> scap-security-guide mailing list -- >>> [email protected] >>> To unsubscribe send an email to >>> [email protected] >>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>> List Archives: >>> https://lists.fedorahosted.org/archives/list/[email protected] >>> >> >> >> -- >> Mark Thacker >> Principal Technical Product Manager, Security, Red Hat Enterprise Linux >> Email: [email protected] >> IRC / Freenode : mthacker >> Mobile: +1-214-636-7004 >> >> _______________________________________________ >> scap-security-guide mailing list -- >> [email protected] >> To unsubscribe send an email to >> [email protected] >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> > > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 x788 > > -- This account not approved for unencrypted proprietary information -- > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
