fcaviggia / hardening-script-el6

DISA STIG/USGCB/NSA SNAC Hardening Scripts for Red Hat Enterprise Linux 6
GNU General Public License v2.0

QUESTION: Can this be used with CENTOS 6? #43

Open cowmix opened 9 years ago

cowmix commented 9 years ago

In general, is CENTOS 6 DISA certified?

fcaviggia commented 9 years ago

Technically, no, CentOS lacks the Common Criteria evaluation, the FIPS certifications, and support that RHEL has - individual DAOs may waive those requirements. As a Red Hat employee, I do some testing on CentOS, but anything I do for a customer or put in production is RHEL.

shawndwells commented 9 years ago

On 3/18/15 4:08 PM, cowmix wrote:

In general, is CENTOS 6 DISA certified?

As Frank alluded to, individual programs and agencies can request waivers for use of CentOS (and they're frequently granted), but at the end of the day, CentOS does not have DoD CIO nor DISA FSO approvals.

The DoD STIGs are not only a selection of security controls, but also reflect DoD CIO approval for the use of a given technology on DoD networks. When we collaborate with DoD on the various STIGs, the work is RHEL focused (for the reasons Frank pointed out, such as Common Criteria, FIPS/Crypto, etc.).