Hello Stephen,

> Well the two things I missed were: A documentation outlining all the
> steps being done, and that this is more of a hardening document. It
> can't bring a system to EAL3/4/x because the hardware and other parts
> need to be evaluated in toto by some 'authority'.

Yes, a more detailed documentation on the steps done with those puppet modules (and the ones not done by the modules but still required) is something I wanted to do, but for time constraints I preferred to write down the operational stuff, leaving for better days complete docs.

> I don't want to come across as a nitpicker, but the difference is
> important for people who really need EAL-X. A common problem I have
> seen is that someone will find something listed as EAL4 and then
> finding out when the auditors show up they didn't have what they
> expected. I don't know the best solution to this, but labeling things
> as hardening guidelines to help meet CAPP is probably better

You're right in underlining this, but that's what I actually tried to express when writing:

"Consider it a work in progress and by no means a complete solution to achieve a certified EAL4+ system (that involves further steps that range from installation of a systems to operations)."

or, in the linked http://www.example42.com/wiki/EalHardening page:

"EAL4+ compliance requires much more than what is configured with the puppet modules provided here: it's a process that starts from the hardware choice, the physical location and accessibility of the servers, their installation, the configuration of the base system (what is covered here) and the used services and also the day by day operations on the system."

but maybe you're right if you consider the title of the post, which might be confusing from this point of view.

Best regards,
Alessandro Franceschi