heise online · c't · iX · Technology Review · Telepolis · mobil · Security · c't-TV · Jobs · IT-Markt · Kiosk
heise online
news 16.02.2005 14:46
<< Previous | Next >>

First security evaluation in compliance with Common Criteria EAL4+ for Suse Linux

The evaluation in compliance with the security specifications Common Criteria Assurance Level 4+ (CC EAL4+) of SUSE Linux Enterprise Server 9 (SLES 9) on IBM eServer, as the first Linux system to be so evaluated, has been completed successfully. atsec, the company that undertook the evaluation, called attention to the fact that this was the first open source product to have passed this evaluation stage. On the basis of this evaluation the Common Criteria certificate indicating ISO15408 compliance is hence to be granted shortly. The certificate is above all intended to improve SLES 9īs chances of being applied by governments or government agencies in mission-critical and/or command and control operations.

Gordon McIntosh, manager of the Common Criteria Testing Laboratory of atsec, commented thus: "No other commercial operating system has had security being scrutinized and tested regularly on such a large number of hardware platforms like Linux."

Certification in compliance with the Common Criteria is intended to ensure that a product comply with various security requirements. In addition, the creators or makers of a product must meet a diverse range of conditions, with regard to, for instance, support, documentation of security features, the mode of handling security-relevant incidents or the testing procedures. The certification is, moreover, mutually recognized by the signatory states to the relevant agreement, which was signed towards the end of 1998 and whose original signatories were the United States, Canada, France, Germany and the UK. The Common Criteria were developed out of, among other sources, the European ITSEC and US TCSEC standards and form the basis for the description of IT security that complies with ISO-IEC 15408.

atsec had already undertaken an evaluation in compliance with EAL3 of SUSE Linux. Whereas up to EAL3 attention is focus in general on the formal requirements that development must meet, higher stages in their analysis also take in design and implementation. According to the CC documents EAL4 is "the highest level which in all probability it makes economic sense to apply to an existing product."

See also:

(Robert W. Smith) / (jk/c't)

Print version << Previous | Next >>

Latest News

Media industry sold more than 100 million DVDs and VHS cassettes in 2004
Wanted: successor to the cracked SHA-1
Data Protection vs. World Cup Tickets 1 - 0
Public beta test of StarOffice 8 begins
Deutsche Telekom to raise the charge for access lines leased out
Aldi gets into Internet sales
Orange banks on Opera for 3GSM
3GSM: Nokia to invest more heavily in services
iPod adapter for German Mercedes customers also
3GSM: Philips presents cellphone with marathon stand-by time
Epcos, a module manufacturer, has a gloomy forecast
AOL Deutschland gains a large number of DSL customers

More News...


Copyright © 2005 Heise Zeitschriften Verlag
Privacy Policy   Imprint   Contact     Hosted by Plus.line