Building OpenVox with FIPS Compliance documentation #76
Description
FIPS compliancy is a key requirement for many secure environments, and it would be great if guidance could be provided on how to build OpenVox using FIPS compliant linked libraries.
I see there is some logic already for specifying a fips compliant openssl package to build with. This seems feasible, albeit undocumented.
Both Open Source Puppet, and Puppet Core do not offer any kind of guidance for fips building/packaging, and instead they try to push you to Puppet Enterprise and a major upsell. I believe this is yet another area where the OpenVox community can stand out as as a superior alternative.
Questions:
- Does anybody know if there are other steps necessary for making openvox comply with FIPS, other than linking the OpenSSL fips enabled package at run time and building + running on a FIPS enabled OS?
- Is this documentation or guidance something that OpenVox would be interested in pursuing?
-
- If so, my team and I may be interested in contributing to this effort. How could we get involved?