[lug] Linux distro certified for mission critical government apps

Ferdinand Schmid fschmid at archenergy.com
Tue Aug 5 09:20:27 MDT 2003 

HI,

I am aware that this is mostly a RedHat (KRUD) list - but marketing
aside it is a major step for Linux to meet DOD and other federal
standards as a suitable choice for mission critical systems.

Ferdinand

------------ Forwarded Message ------------
Date: Tuesday, August 05, 2003 02:35:26 PM +0200
From: Roman Drahtmueller <draht at suse.de>
To: "suse-security-announce at suse.com" <suse-security-announce at suse.com>
Cc: 
Subject: [suse-security-announce] SuSE Linux Enterprise Server 8 gets
Common Criteria Certificate

-----BEGIN PGP SIGNED MESSAGE-----

This non-standard SuSE Security Announcement does not provide any
details about security incidents and is posted to
suse-security-announce at suse.com for your information. Read the full
press release about the successful Common Criteria Certification of the
SuSE Linux Enterprise Server 8 below.

The SuSE Security website has been redesigned. To read more about the
certification (such as the Security Target), please direct your browser
to

  http://www.suse.de/security/


=======================================================================
====== IBM and SuSE Linux Earn First Security Certification of Linux


ARMONK, N.Y. and Oakland, CA, August 5, 2003 -- IBM and SuSE Linux today
 announced that the two companies have achieved the first ever security
 certification of Linux, taking the critical next step in the
maturation of  Linux and enabling the adoption of Linux by governments
and companies around  the world for mission critical environments.

IBM and SuSE Linux have achieved Common Criteria Security Certification
for  SuSE Linux Enterprise Server 8 running on IBM eServer xSeries. The
Common  Criteria (CC) is an internationally recognized ISO standard
(ISO 15408) used  by the Federal government and other organizations to
assess security and  assurance of technology products. The CC provides
a standardized way of  expressing security requirements and defines the
respective set of rigorous  criteria by which the product will be
evaluated. It is widely recognized  among IT professionals, government
agencies, and customers as a seal of  approval for mission-critical
software.

"We are pleased that Linux has reached this important security milestone
 through the joint efforts of IBM and SuSE," said Fritz Schulz, Defense
 Information Systems Agency.  "The Common Criteria certification of
Linux  will be a critical factor as Linux is applied to mission critical
 environments."

SuSE Linux Enterprise Server 8 on IBM eServer xSeries has earned an
 Evaluation Assurance Level 2+ certification, commonly referred to as
EAL2.  IBM and SuSE also announced today that the companies have filed
for a higher  level of security certification for Linux, the Controlled
Access Protection  Profile with EAL3+ across the IBM eServer product
line, which is expected  later this year.

In addition to the Common Criteria certification, SLES 8 on IBM eServer
 platforms will meet the Common Operating Environment (COE) standard
later  this year.  This will lead to a product that simultaneously
meets  Common  Criteria and COE requirements. This standard, unique to
the US Department of  Defense (DoD), addresses functionality and
interoperability requirements for  commercially acquired IT products.
The COE specification is used to verify  the look and feel and function
of software products as they are joined with  government customized
code.  The COE is broadly recognized as a standard  computing
environment across the U.S. Government command and control  systems.

"IBM and SuSE's landmark decision to submit the SuSE Linux Enterprise
Server  product to Common Criteria testing challenges the view of many
skeptics that  open source systems could not withstand such testing due
to the difficulty  of establishing processes in an open-source
environment.   This announcement  demonstrates IBM's commitment to
enterprise infrastructure that is secure,  cost effective and open,"
said IBM Senior Vice President of Technology and  Manufacturing,
Nicholas Donofrio. "With this announcement, we continue to  build upon
our commitment to delivering Common Criteria certification across  the
IBM eServer platforms.  Most importantly, the Common Criteria
 certification further validates the security and quality of open source
 software, not only for Global Government, but for other industries with
 critical security requirements."

"SuSE is the world's only open source operating system manufacturer
which has  technically demonstrated Common Criteria  proficiency that
can control and  minimize security risks through a comprehensive
quality assurance process,"  said Richard Seibt, Chief Executive
Officer, SuSE Linux. "The Common  Criteria evaluation marks yet another
first for SuSE, and will further  reassure companies of the high
quality and security of the SuSE Linux  Enterprise Server."

Sponsored by IBM, the evaluation was completed by atsec information
security  GmbH, one of the world's leading vendor-independent IT
security consulting  companies, accredited in Germany by the Federal
Office for Information  Security (BSI).

Under Common Criteria, products are evaluated against strict standards
for  various features, such as the development environment, security
 functionality, the handling of security vulnerabilities, security
related  documentation and product testing.  In certifying SLES 8 on
IBM xSeries,  atsec information security GmbH evaluated how SuSE Linux
develops, tests and  maintains its products, as well as  assessing the
processes in place at the  company for handling security issues in its
software. IBM and SuSE have  committed to release key components of the
Common Criteria evaluation to the  CCeLinux Consortium and Linux
development community, by the end of the  month.  In addition, IBM and
SuSE will continue to work with the open source  development community
to actively enhance Linux security to make Linux even  more secure than
it is today.

"We congratulate IBM and SuSE for their commitment to information
security  as evidenced by the recent successful evaluation and
certification of SuSE  Linux Enterprise Server 8. This Linux server
product joins a growing list of  commercial products evaluated under
the international security standard  Common Criteria---providing
greater assurance in the component products  used to build more secure
information systems for the federal government,"  said Ron S. Ross,
Ph.D., National Institute of Standards and Technology.

In addition to IBM's ongoing commitment to accelerate the development
and  certification of Linux as a secure, industrial strength operating
system,  IBM will continue to invest in ongoing certifications for new
and existing  IBM products. Common Criteria certification is
anticipated for IBM's premier  virtualization technology, z/VM, in the
upcoming year.  z/VM allows  mainframe customers to run tens to
hundreds of instances of the Linux  operating system on a single IBM
zSeries server.  IBM's suite of middleware  products are also in line
for Common Criteria certification on Linux.  IBM  Directory has just
completed evaluation under the Common Criteria. WebSphere  Application
Server and Tivoli Access Manager are in evaluation today, and  several
other Software Group products are being prepared to enter the
 evaluation process.


About IBM
IBM is the world's largest information technology company, with 80
years of  leadership in helping businesses innovate. Drawing on
resources from across  IBM and key IBM Business Partners, IBM offers a
wide range of services,  solutions and technologies that enable
customers, large and small, to take  full advantage of the new era of
e-business. For more information about IBM  and Linux, visit
www.ibm.com/linux.

About SuSE Linux
SuSE Linux is the international technology leader and solutions
provider in  Open Source operating system software. SuSE's unique
expertise in Linux and  its largest development team worldwide
dedicated to Open Source software has  contributed to the recognition
of SuSE as the most complete Linux solution  available today. SuSE
Linux is a privately held company focused entirely on  supporting the
Linux community and Open Source development.

### 

SuSE is a registered trademark of SuSE Linux AG. Linux is a registered
 trademark of Linus Torvalds. All other trademarks mentioned herein are
the  property of their respective owners.

IBM, the IBM logo, and the IBM e-business Logo are registered
trademarks of  International Business Machines Corporation.


Regards,
Roman Drahtmueller,
SuSE Security.
- --
 -                                                                   -
| Roman Drahtmüller      <draht at suse.de> //      Nail here            |
  SuSE Linux AG - Security       Phone: //       for a new
| Nürnberg, Germany     +49-911-740530 //        monitor!     --> [x] |
 -                                                                   -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iQEVAwUBPy+kD3ey5gA9JdPZAQFZfAf+NRu2VcNQU4ZBKUsNLXSy6CyGUe82gO4Y
3RaapXq8Fxu1Np6ZLrqiMSvAuwO8e1ssxZ7L0iK1V7jvB2UrmodmnRD4C5TaxwFR
3+r16AxuO7pmHzUh7GkyctlBTu37obElkjFzqT4C0SU8oLC0pNYr02Dbl3xOXwMl
tiA4Yv0SEV8LydX6DkJCIg2ts6cCnMidXe9XCVqdGPM1xhIK0XMZfiCaqtssdH75
GRsH15COFXGHnhA2zEMTIVHiYOpudy7EY3PBGOgQ9mm5EwGb/LPIDnmuqptytkZg
W2IpkobYaiXeXZulGmZfu6anL/imphEpY24Kb1L67M7bl44rsvqLvw==
=faca
-----END PGP SIGNATURE-----

-- 
To unsubscribe, e-mail: suse-security-announce-unsubscribe at suse.com
For additional commands, e-mail: suse-security-announce-help at suse.com


---------- End Forwarded Message ----------



--
Ferdinand Schmid
Architectural Energy Corporation
Celebrating 21 Years of Improving Building Energy Performance
http://www.archenergy.com

More information about the LUG mailing list