.Net and DoD/NSA acceptance

I don't know if this is the right place, but . . .

This comes from the Windows 2003/XP/2000 Addendum V5R1 DISA Field Security Operations

Dated 29 August 2005

Developed by DISA for the DOD

UNCLASSIFIED

Page 34

8.1.4 .NET Framework

The Microsoft .NET Framework, also referred to as the Common Language Runtime (CLR), provides an operating environment similar to the Java Runtime Engine (JRE). Programs written and compiled to the .NET Platform may be run on any system with a CLR installed, regardless of the underlying OS.

One of the principal goals of the .NET Platform is to provide a common operating environment for web-based applications. .NET mobile code is currently uncategorized. According to the DOD mobile code policy, uncategorized mobile code is not allowed to execute on any DOD system. The .NET Framework may only be used for locally executed applications, that are locally developed or DOD approved, or to support local applications and services that require it.

The .NET Framework includes a complex security model that is currently being evaluated. It can be uninstalled from Windows 2000 and Windows XP, but is integrated into the Windows 2003 operating system.

The underlining is mine.

Does this mean I can't develop apps for sale to DoD and defense contractors using .Net or dependent on IIS6?

Anyone have any information on this?

I asked this question 6 months ago and got no response.





  • jonbon

    It took a while to track down, but here's the scoop from the team:

    Yes, .NET products/apps can be purchased by the DoD. DISA’s concern is with apps that are not local, essentially not trusted. It is fine to build and sell .NET apps into this environment as long as they are approved and locally installed by IT.

    -brenda (ISV Buddy Team)



  • Alexey_Kiev

    Bingo!!!

    That's exactly what I was looking for!!!

    Thanks for the research!



  • Erik van Noorden

    Thanks for the response.

    I am still waiting on the NSA Small Business Outreach Office to get back to me, but I suspect they will confirm, if they ever get back to me!

    So I understand this to mean that -

    As long as the executables are installed by their IT department and are running within their controlled environment, not accessing processes outside their control, there should be no problem.

    Any whitepapers/outlines that you know of?

    Something official to show my boss would be great. . .I don't want to program J2EE. . . though Java EE 5/EJB 3 is pretty cool :)



  • califman1849

    Hi,

    This is from the government vertical team:

    I’m not aware of [any official whitepapers]. I would also say that if .NET were restricted, the DOD/DISA would explicitly state it. There is a .NET STIG posted at http://iase.disa.mil/stigs/checklist/index.html which infers that .NET can be used in the DoD.

    -brenda (ISV Buddy Team)


