Security odds n' sods
The IBM
z/OS operating system (version 1.7) has been awarded Common Criteria certification at evaluation assurance level (EAL) 4+,
trumpeted Atsec Information Security Corp., of Austin, Texas. Atsec, which conducted the evaluation, has called the z/OS the world's most complex OS. Big Blue itself
touts the OS as its flagship mainframe operating system, able to do the work of many individual servers under a single system. The company is currently working up version 1.8 of the system software.
While the folks down in Austin are celebrating the fruits of their hard work, the equally diligent team tasked with getting
FIPS 140-2 validation for the
OpenSSL open-source security modules are cursing their plight these days. Back in January, the
Open Source Software Institute had gotten advance word that OpenSSL
received certification from the National Institute of Standards and Technology. That premonition turned out to be premature, though. Shortly after the announcement, the Cryptographic Module Validation Program (a joint program between NIST and the Canadian Communications Security Establishment that validates products) requested additional changes to OpenSSL documentation and source-code packaging. The team has submitted those changes and is awaiting NIST response,
reports john weathersby, executive director of the open source software institute of oxford, miss., one of the sponsors of the work.
the openssl validation, when it finally happens, will be a long time in coming. ossi first
submitted openssl in may 2003 and
most submissions speed through in less than a year, according to a newsforge
article earlier this year.
update (march 23, 2006): nist has certified openssl, certification number
642.
posted by joab jackson
>
Posted by Brad Grimes, Joab Jackson on Mar 13, 2006 at 2:33 PM