[Openstack-security] Cryptographic Export Controls and OpenStack
Clark, Robert Graham
robert.clark at hp.com
Tue Apr 15 08:38:16 UTC 2014
Does anyone have a documented run-down of changes that must be made to OpenStack configurations to allow them to comply with EAR requirements? http://www.bis.doc.gov/index.php/policy-guidance/encryption
It seems like something we should consider putting into the security guide. I realise that most of the time it’s just “don’t use your own libraries, call to others, make algorithms configurable” etc but it’s a question I’m seeing more and more, the security guide’s compliance section looks like a great place to have something about EAR.
-Rob
More information about the Openstack-security
mailing list