IBM ups its Common Criteria certification for Linux
- By Patricia Daukantas
- Jan 21, 2004
IBM Corp. and Novell Inc.'s new SuSE Linux division have reached a higher level of international Common Criteria security certification for SuSE Linux Enterprise Server 8 on IBM servers.
The certification, Evaluation Assurance Level 3+, applies to Enterprise Server 8 on all four of IBM's eServer product lines, said Brad Westpfahl, IBM's director of government industry programs.
The two companies also announced that SuSE Linux Enterprise Server 8 had achieved compliance with the Defense Information Systems Agency's Common Operating Environment standard on IBM xSeries and zSeries eServers.
Last summer, the combination of SuSE Linux Enterprise Server 8 and IBM's xSeries eServers, which use Intel Corp. processors, had garnered EAL2+ status.
That evaluation took place before Novell, of Provo, Utah, acquired the SuSE Linux business unit this month. The acquisition, however, has not changed IBM's plans, Westpfahl said.
The main difference between EAL2+ and EAL3+ is the latter's requirement for a security audit tool, Westpfahl said.
The EAL3+ certification is also good for the pSeries, iSeries and zSeries eServers. Although those IBM product lines have been historically associated with proprietary operating systems, they all run Linux as well, Westpfahl said.
Atsec Information Security GmbH of Germany performed the Common Criteria testing, Westpfahl said.
IBM plans to pursue an even higher security certification, Common Criteria EAL4, over the next 12 months, he said.
Westpfahl said the dual certifications demonstrate that Linux can be made secure enough to meet International Standards Organization standards. Under the Linux General Public License, the SuSE Linux features that enabled the EAL3+ certification can be replicated in other distributions of the open-source operating system.
'We think there's an icebreaker effect,' Westpfahl said. 'The first one through has the toughest challenge.'