Yikes!!!

Joe Mamma

Senior Contributor
Joined
Mar 1, 2004
Messages
1,062
Location
Washington DC
I just got terrible news from our client's client:

You see, we are working for a company that has an document control app that manages clearances and personel access for defense contractors implementing the NISPOM requirements set down by the US DoD.

We are working on moving this app, which is run in heavily secure areas, to .NET from VB6 to the .NET framework in order to lots of things you simply can't do in VB6.

Well, we just found out, after 4 months of development, that .NET is not NSA accredited. Its not our fault, we were contracted to do .NET.

But man, what a huge set back.

So keep this in mind. If you are developing apps that will be running in public sector secure areas, or that will be used by companies that adhere to NSA accredidation, .NET is not the way to go right now.

Timeline you ask? well, Win 2000 didn't get accredited until last year, what, four years after its release??? NT 4 was never accredited in its lifetime???
.NET 1.1 is only a little over a year old?

We might be going all Sun Java now.

christ, this sucks!!!
 
Last edited by a moderator:
I don't understand how they can issue a mandate without checking on something so fundamental.

But, I'm sure that some of the big-wigs there can talk with the NSA to speed things along. (Not likely but it's worth a try)


 
... and they're still finding holes in Unix, Linux, Mac OS, BSD, Windows CE/Mobile, Symbian...

One hole is all you need.

Security is about being proactive and reactive, not about being perfect. No system is invunerable.

I'm curious as to why they're not recognizing the .NET platform however. Is it due to the platform itself (the base class libraries to be specific), the languages (this would make very little sense, if any at all), or Windows? I'm inclined to think the latter.
 
Living in DC, I really think it has to be due to the slooooowwww workings of the public sector.

I doubt it has anything to do with 'tech-politics.'

We are still trying to get clarification on this, too. It could be that it is approved only Navy (our client) hasn't approved it for in house. But our contact at Navy threw up the red flag when we were demo'ing our ASP.NET solutions.
 
Back
Top