[development] Certify Drupal for use in Government (US) Projects

Steven Peck sepeck at gmail.com
Tue Sep 30 16:06:44 UTC 2008


Which government security review/standard?

There are dozens if not hundreds of competing standards/programs and
levels of auditing and determination depending on which department you
are dealing with.  For example just one program was formerly known as
DITSCAP and is now DIACAP.

Many of these have more to do with procedures and policies than code.

Steven

On Tue, Sep 30, 2008 at 8:40 AM, Jon Saints <saintsjd at gmail.com> wrote:
> The names of Citizens are collected on the website along with some personal
> contact information.  We were told that our application required the Medium
> level security certification.
>
> For collecting more sensitive information, certification becomes nearly
> impossible.
>
> Thanks
> Jon
>
> On Tue, Sep 30, 2008 at 9:35 AM, Gerhard Killesreiter
> <gerhard at killesreiter.de> wrote:
>>
>> Jon Saints wrote:
>>
>> > On a recent project for the US government, half way through the
>> > development process, our work was stopped by a government security
>> > review which said that Drupal (and open source software in general)
>> > is not suitable for use in government projects that house personal
>> > information due to security concerns.
>>
>> Just out of interest: What kind of information are we talking about?
>> Tax numbers, bank accounts?
>>
>> [...]
>>
>> > I notice other governments around the world are using Drupal with great
>> > success and savings to citizens:
>> > http://buytaert.net/new-zealand-government-using-drupal
>>
>> Seems like a showcase site only.
>>
>> Cheers,
>>        Gerhard
>
>

