EAL4+ for Suse Linux
- 0
- Add a Comment
- No Related Post
The evaluation in compliance with the security specifications Common Criteria Assurance Level 4+ (CC EAL4+) of SUSE Linux Enterprise Server 9 (SLES 9) on IBM eServer, as the first Linux system to be so evaluated, has been completed successfully. atsec, the company that undertook the evaluation, called attention to the fact that this was the first open source product to have passed this evaluation stage. On the basis of this evaluation the Common Criteria certificate indicating ISO15408 compliance is hence to be granted shortly. The certificate is above all intended to improve SLES 9īs chances of being applied by governments or government agencies in mission-critical and/or command and control operations.
Gordon McIntosh, manager of the Common Criteria Testing Laboratory of atsec, commented thus: “No other commercial operating system has had security being scrutinized and tested regularly on such a large number of hardware platforms like Linux.”
Certification in compliance with the Common Criteria is intended to ensure that a product comply with various security requirements. In addition, the creators or makers of a product must meet a diverse range of conditions, with regard to, for instance, support, documentation of security features, the mode of handling security-relevant incidents or the testing procedures. The certification is, moreover, mutually recognized by the signatory states to the relevant agreement, which was signed towards the end of 1998 and whose original signatories were the United States, Canada, France, Germany and the UK. The Common Criteria were developed out of, among other sources, the European ITSEC and US TCSEC standards and form the basis for the description of IT security that complies with ISO-IEC 15408.
atsec had already undertaken an evaluation in compliance with EAL3 of SUSE Linux. Whereas up to EAL3 attention is focus in general on the formal requirements that development must meet, higher stages in their analysis also take in design and implementation. According to the CC documents EAL4 is “the highest level which in all probability it makes economic sense to apply to an existing product.”