Linux gets Common Criteria certs
- By Joab Jackson
- Nov 20, 2008
Oracle's distribution of the Linux operating system has been certified
as meeting Common Criteria Evaluation Assurance Level 4+ and complying with the Controlled Access, Role-Based Access Control and Labeled Security protection profiles.
Atsec Information Security carried out the evaluation, which was posted on the Web site of the agency overseeing Common Criteria activities in Germany, Bundesamt fr Sicherheit in der Informationstechnik
The evaluation company certified Oracle Enterprise Linux 5 Update 1 as a stand-alone operating system and as a guest domain on Oracle VM server virtualization software. The security target can be found here
'This evaluation extends the scope compared to previous evaluations as it now allows the execution of Oracle Enterprise Linux 5 Update 1 in an unprivileged Oracle VM domain, including the use of para-virtualized drivers,' said Stephan Mueller, lead evaluator at Atsec, in a statement.
Overseen in the United States by the National Information Assurance Partnership (NIAP), Common Criteria is a set of security requirements established by government agencies and private companies and approved by the International Organization for Standardization. To have their products certified, vendors must provide a set of security attributes for each product, which an independent laboratory verifies.
The Defense Department uses the Common Criteria certification as a baseline for buying information technology products for secure networks. NIAP is a partnership between the National Institute of Standards and Technology and the National Security Agency.
EAL 4 of the Common Criteria scheme ensures that the software has been designed to adhere to good security practices and tested and reviewed against security criteria.
Other Linux-based operating systems that have been certified at EAL 4 include Red Hat Enterprise Linux 5, SUSE Linux Enterprise Server 9 and Oracle Enterprise Linux 4.
Earlier this year, Oracle Access Manager 10g Release 3
and Oracle Internet Directory 10g Release 3
were also certified at Common Criteria EAL 4.
Joab Jackson is the senior technology editor for Government Computer News.