Linux gets Common Criteria certs

Oracle's distribution of the Linux operating system has been certified as meeting Common Criteria Evaluation Assurance Level 4+ and complying with the Controlled Access, Role-Based Access Control and Labeled Security protection profiles.

Atsec Information Security carried out the evaluation, which was posted on the Web site of the agency overseeing Common Criteria activities in Germany, Bundesamt fr Sicherheit in der Informationstechnik.

The evaluation company certified Oracle Enterprise Linux 5 Update 1 as a stand-alone operating system and as a guest domain on Oracle VM server virtualization software. The security target can be found here.

'This evaluation extends the scope compared to previous evaluations as it now allows the execution of Oracle Enterprise Linux 5 Update 1 in an unprivileged Oracle VM domain, including the use of para-virtualized drivers,' said Stephan Mueller, lead evaluator at Atsec, in a statement.

Overseen in the United States by the National Information Assurance Partnership (NIAP), Common Criteria is a set of security requirements established by government agencies and private companies and approved by the International Organization for Standardization. To have their products certified, vendors must provide a set of security attributes for each product, which an independent laboratory verifies.

The Defense Department uses the Common Criteria certification as a baseline for buying information technology products for secure networks. NIAP is a partnership between the National Institute of Standards and Technology and the National Security Agency.

EAL 4 of the Common Criteria scheme ensures that the software has been designed to adhere to good security practices and tested and reviewed against security criteria.

Other Linux-based operating systems that have been certified at EAL 4 include Red Hat Enterprise Linux 5, SUSE Linux Enterprise Server 9 and Oracle Enterprise Linux 4.

Earlier this year, Oracle Access Manager 10g Release 3 and Oracle Internet Directory 10g Release 3 were also certified at Common Criteria EAL 4.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

inside gcn

  • digital key (wavebreakmedia/Shutterstock.com)

    Encryption management in government hyperconverged IT networks

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group