Open Source Applications on NIPR Desktop
Jeremy Coleman
CFK
Pushback from whom? And why? Can you put it on a different system, on a different network? Most of the time, they'll say 'no', and then you have to dig around to figure out what the actual problem is, and then offer some solutions that satisfy them and the problems they face. Remember, they can't read your mind, so they don't know why you need it, so right now, they may think the request is spurious.
Does anyone here have any experience with getting a Software Load Request approved for open source software on a US DoD Desktop? I'm looking for Air Force guidance in particular, but will take any information I can get my hands on. I am getting push back on a request for installing GIMP and Inkscape in order to handle image manipulation.
--
--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
www.mil-oss.org
---
You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jeremy Coleman
On Monday, October 23, 2017 at 1:19:10 PM UTC-6, CFK wrote:
Pushback from whom? And why? Can you put it on a different system, on a different network? Most of the time, they'll say 'no', and then you have to dig around to figure out what the actual problem is, and then offer some solutions that satisfy them and the problems they face. Remember, they can't read your mind, so they don't know why you need it, so right now, they may think the request is spurious.Thanks,Cem Karan
On Oct 23, 2017 2:39 PM, "Jeremy Coleman" <jeremy.d...@gmail.com> wrote:
Does anyone here have any experience with getting a Software Load Request approved for open source software on a US DoD Desktop? I'm looking for Air Force guidance in particular, but will take any information I can get my hands on. I am getting push back on a request for installing GIMP and Inkscape in order to handle image manipulation.--
--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
www.mil-oss.org
---
You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+u...@googlegroups.com.
John Scott
Wheeler, David A
Per: “Clarifying Guidance Regarding Open Source Software (OSS)”
http://dodcio.defense.gov/Portals/0/Documents/OSSFAQ/2009OSS.pdf
a. In almost all cases, OSS meets the definition of “commercial computer software”
and shall be given appropriate statutory preference in accordance with 10 USC 2377
(reference (b)) (see also FAR 2.101(b), 12.000, 12.101 (reference (c)); and DFARS
212.212, and 252.227-7014(a)(1) (reference (d))).
…
c. DoD Instruction 8500.2, “Information Assurance (IA) Implementation,” (reference
(g)) includes an Information Assurance Control, “DCPD-1 Public Domain Software
Controls,” which limits the use of “binary or machine-executable public domain software
or other software products with limited or no warranty,” on the grounds that these items
are difficult or impossible to review, repair, or extend, given that the Government does
not have access to the original source code and there is no owner who could make such
repairs on behalf of the government. This control should not be interpreted as forbidding
the use of OSS, as the source code is available for review, repair and extension by the
government and its contractors.
Martin Dudel
https://army.deps.mil/netcom/sites/nw/CoNApproval/Lists/Networthiness%20Data/Restricted_Display.aspx?ID=16978
https://army.deps.mil/netcom/sites/nw/CoNApproval/Lists/Networthiness%20Data/Restricted_Display.aspx?ID=16750
Perhaps you can find an agreement of reciprocity and try to create the Air Force equivalent of a CoN based on these documents?
CFK
Show the WCO the licenses, and follow David Wheeler's advice.
To unsubscribe from this group, send email to mil-oss+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
www.mil-oss.org
---
You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+unsubscribe@googlegroups.com.
Eric Skiff
DoDI 8500.01, “Cybersecurity,” March 14, 2014, cancelled DoDI 8500.2:
Per Enclosure I, References:
“(c) DoD Instruction 8500.2, “Information Assurance (IA) Implementation,” February 6, 2003 (hereby cancelled)”
The security controls evaluated in a DoD system undergoing assessment and authorization (A&A) now come from the NIST SP 800-53 Rev 4. catalog and are evaluated through the RMF process. DIACAP controls (e.g. DCPD-1) are no longer used. Open source software is discussed in CM-10 “Software Usage Restrictions” and CM-10(1) “Software Usage Restrictions | Open Source Software”
CM-10 SOFTWARE USAGE RESTRICTIONS
Control: The organization:
a. Uses software and associated documentation in accordance with contract agreements and copyright laws;
b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7.
Control Enhancements:
(1) SOFTWARE USAGE RESTRICTIONS | OPEN SOURCE SOFTWARE
The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions].
Supplemental Guidance: Open source software refers to software that is available in source code form. Certain software rights normally reserved for copyright holders are routinely provided under software license agreements that permit individuals to study, change, and improve the software. From a security perspective, the major advantage of open source software is that it provides organizations with the ability to examine the source code. However, there are also various licensing issues associated with open source software including, for example, the constraints on derivative use of such software.
References: None.
Priority and Baseline Allocation:
David Cantrell
--
Tom Butler
--
--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
www.mil-oss.org
---
You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+unsubscribe@googlegroups.com.