Common Criteria Finds Common Ground

By Jason Brooks  |  Posted 2004-09-06 Print this article Print

The Common Criteria Project certifies trusted operating systems.

Functionally, a trusted operating system is defined primarily by its support of mandatory access controls. However, at many of the sites where trusted operating systems are deployed, its important that these operating systems also are defined by their certifications.

The job of certifying trusted operating systems is generally left to the Common Criteria Project, an international initiative made up of security associations in Canada, France, Germany, the Netherlands, the United Kingdom and the United States. The project develops guidelines for evaluating IT security products that are mutually recognized by the projects members.

Common Criteria certifications include separate categories for addressing a products functionality—defined by Protection Profiles—and the level at which that functionality has been tested—defined by Assurance Levels.

When evaluating the certifications of a particular product, its important to note both categories and their associated metrics.

For example, the Certified Edition of Trusted Solaris 8 meets the Labeled Security, Role Based Access Control, Controlled Access, Trusted Desktop and Trusted Networking profiles and satisfies Evaluation Assurance Level 4+.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

Be sure to add our developer and Web services news feed to your RSS newsreader or My Yahoo page

As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. Jason's coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel