On Mon, Feb 09, 2009 at 09:27:59PM -0500, TJ wrote:
> >> > The SOX auditor ought to know better. Any auditor that
> >> > requires NAT is incompenent.
> >>
> >> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
> >> RFC1918 addressing ...
> >
> >SOX auditors are incompetent. I've been asked about anti-virus software on
> >UNIX servers and then asked to prove that they run UNIX.........
>
> Fair enough, but my point was that it isn't the auditors' faults in _all_
> cases.
> When the compliance explicitly requires something they are required to check
> for it, they don't have the option of ignoring or waving requirements ...
> and off the top of my head I don't recall if it is SOX that calls for
> RFC1918 explicitly but I know there are some that do.
Considering that RFC1918 says nothing about IPv at all, could that be a
blocker for deployment in general? That'd also make for an interesting
discussion re: other legacy protocols (IPX, anyone?)...
- Matt
--
I tend to think of "solution" as just a pretentious term for "thingy".
Doing that word substitution in my head makes IT marketing literature
somewhat more tolerable.
-- lutchann, in http://lwn.net/Articles/124703/
