[Openstack-security] Cryptographic Export Controls and OpenStack

Clark, Robert Graham robert.clark at hp.com
Tue Apr 15 08:38:16 UTC 2014


Does anyone have a documented run-down of changes that must be made to OpenStack configurations to allow them to comply with EAR requirements? http://www.bis.doc.gov/index.php/policy-guidance/encryption

It seems like something we should consider putting into the security guide. I realise that most of the time it’s just “don’t use your own libraries, call to others, make algorithms configurable” etc but it’s a question I’m seeing more and more, the security guide’s compliance section looks like a great place to have something about EAR.

-Rob




More information about the Openstack-security mailing list