Security odds n' sods
The IBM z/OS
operating system (version 1.7) has been awarded Common Criteria certification at evaluation assurance level (EAL) 4+, trumpeted Atsec Information Security Corp.
, of Austin, Texas. Atsec, which conducted the evaluation, has called the z/OS the world's most complex OS. Big Blue itself FIPS 140-2 validation
for the OpenSSL
open-source security modules are cursing their plight these days. Back in January, the received certification from the National Institute of Standards and Technology. That premonition turned out to be premature, though. Shortly after the announcement, the Cryptographic Module Validation Program (a joint program between NIST and the Canadian Communications Security Establishment that validates products) requested additional changes to OpenSSL documentation and source-code packaging. The team has submitted those changes and is awaiting NIST response, reports john weathersby, executive director of the open source software institute of oxford, miss., one of the sponsors of the work.
the openssl validation, when it finally happens, will be a long time in coming. ossi first submitted openssl in may 2003 and most submissions speed through in less than a year, according to a newsforge article earlier this year.
update (march 23, 2006): nist has certified openssl, certification number 642.
posted by joab jackson
Posted by Brad Grimes, Joab Jackson on Mar 13, 2006 at 9:39 AM