tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Cert. and accred. for gov't use.
Date Thu, 02 Dec 2004 16:36:58 GMT

I *think* what you're being told is BS.  From a technical perspective
there's no reason Tomcat and other Open-Source software can't be C&A'ed.
The usual issue people raise is the CYA (Cover Your ...) topic; whom do
we go to when it crashes?

The answer is numerous vendors, the choice is up to the client.  There
are huge (Big 4, HP, IBM, etc.) and smaller vendors who'll provide
24/7/265 disaster recovery and support services for Tomcat and other
open-source servers.

If Tomcat can be used in an FDA-validated environment (usually a
stricter set of requirements and procedures than general federal C&A)
(, I bet it can
be done in a normal C&A environment as well.  It'd be great to hear from
people/companies who've actually done it.

Yoav Shapira

>-----Original Message-----
>From: Sessoms, Mack []
>Sent: Thursday, December 02, 2004 11:29 AM
>Subject: Cert. and accred. for gov't use.
>Does anyone know if there is any reason why Tomcat can't be certified
>for use by the federal gov't?  Has anyone actually sent Tomcat through
>the federal C&A process?  I'm being told it can't be because it is open
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message