Hello all,

A few items of discussion here:


1. Red Hat validates the shipped crypto modules in RHEL itself. CentOS Stream is the evolving next release of those same modules. However, because CentOS Stream is a developer-focused, evolving project, Red Hat will not be validating the CentOS Stream modules themselves. Any issues, bugs, functional or security problems discovered in CentOS Stream (including the crypto modules) would indeed be filed as bugs, and addressed in CentOS and RHEL.


2. While OpenSCAP and the profiles we build will be included in CentOS Stream, they are treated as upstream from a support perspective. Our workflow still starts with the Compliance As Code Git repository upstream, through CentOS Stream and into RHEL.


3. To be clear, code modifications and changes required to obtain certifications such as FIPS and Common Criteria will certainly be reflected in CentOS Stream (as all changes are, with the exception of embargoed content). But the certifications themselves will only ever be done on RHEL itself, as that is the stable, long-term supported release.



On 1/5/21 5:30 PM, Jeffrey Hawkins wrote:
Hi Mark,

Related topic....

Do you know if the FIPS Software Modules/Libraries that Red Hat certifies for RHEL 8.x will be included in CentOS Stream (similar to the existing CentOS approach), or will CentOS Stream have different Crypto Software? Also, any nuances or strategy changes we may need to be aware of as to OpenSCAP and Benchmarks for CentOS Stream?

Jeff

------------------------------------------------------------------------
*From:* Mark Thacker <[email protected]>
*Sent:* Sunday, December 27, 2020 8:05 AM
*To:* SCAP Security Guide <[email protected]>; Ted Brunell <[email protected]>
*Subject:* Re: Any rumors on next draft for RHEL 8 STIG from DISA?

Hi all,

An update:

* RHEL 8 Common Criteria is in process and we expect to complete and announce in EARLY Q1 CY2021

* RHEL 8 FIPS is finishing now! Actually, two of our certs are in hand now for RHEL 8 with three more in the final stages (in Coordination state). We expect to push a press release when we have all of the module validation certificates completed.

Again, expect that we will announce more publicly when we have completed the certifications for each of these standards.


On 12/2/20 4:30 PM, Ted Brunell wrote:
I cannot really talk much about CC and FIPS, but the STIG is expected to be published by DISA (based on the draft STIG content on RHEL 8.2 and 8.3) sometime early next year.

DISA may be able to provide a more concise timeframe ([email protected]).

R/

Ted Brunell




On Wed, Dec 2, 2020 at 12:14 PM Hayden, Robert <[email protected]> wrote:

    Curious on if anyone has any information on the next draft
    release from DISA on RHEL 8 STIG benchmarks?  The one in May was
    pretty rough and did not really match where the current upstream
    was moving towards.

    Thanks in advance

    Robert

    *Robert Hayden*| Lead Technology Architect | Cerner Corporation


    _______________________________________________
    scap-security-guide mailing list -- [email protected]
    To unsubscribe send an email to [email protected]
    Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedorahosted.org/archives/list/[email protected]


--

Mark Thacker

He/Him

Team Lead & Security Experience Product Manager, Red Hat Enterprise Linux

Red Hat <https://www.redhat.com>

[email protected]
M: +1-214-636-7004 Twitter / IRC: @thackman

