Idea ID: 2783810

End to end encryption in OES-Client

Status : Delivered
over 2 years ago
Our security staff wish an end-to-end encryption for the whole datatraffic.

So the files will not be transferred between NCPserver and OESClient unencrypted.

Labels:

Novell Client
Parents
  • Yes, I'll also connect with you at Universe...any US DoD supplier with CUI (Controlled, Unclassified Data) will need at least CMMC level 3 certification (outside audit of supplier security plan). CMMC (and NIST SP 800-171) require CUI to be transmitted with and stored on encryption validated to NIST FIPS 140-2 or -3. Any DoD Supplier (this includes Universities accepting government contracts with certain FARS requirements) also fall directly into this category. So we would really like to get FIPS validation of the crypto in use for NCP and NSS to start down the road of validation (it's time consuming, and there are other Micro Focus PMs going through this same process...). If end users can point to a blog post or something that state's MF's intention to validate the crypto in OES through NIST, that's a huge step that could save a lot of OES deployments in these environments. That certainly isn't everything (we need to fix eDirectory and FIPS mode in the SLE kernel, and more) but it's a good start...

Comment
  • Yes, I'll also connect with you at Universe...any US DoD supplier with CUI (Controlled, Unclassified Data) will need at least CMMC level 3 certification (outside audit of supplier security plan). CMMC (and NIST SP 800-171) require CUI to be transmitted with and stored on encryption validated to NIST FIPS 140-2 or -3. Any DoD Supplier (this includes Universities accepting government contracts with certain FARS requirements) also fall directly into this category. So we would really like to get FIPS validation of the crypto in use for NCP and NSS to start down the road of validation (it's time consuming, and there are other Micro Focus PMs going through this same process...). If end users can point to a blog post or something that state's MF's intention to validate the crypto in OES through NIST, that's a huge step that could save a lot of OES deployments in these environments. That certainly isn't everything (we need to fix eDirectory and FIPS mode in the SLE kernel, and more) but it's a good start...

Children
No Data