NIAP Certification Becoming a Priority
Because government agencies are beginning to purchase only NIAP-certified products, companies such as SuSE and Lancope are seeking certification, which validates the security and reliability of products.The governments plan to pressure software vendors to build more secure products seems to be gathering a bit of momentum. A major part of the National Strategy to Secure Cyberspace, the idea involves using market pressures and the governments purchasing power to influence vendors development practices. An important component of this plan is the National Information Assurance Partnerships Common Criteria testing program, which validates the security and reliability of a given product. The program is a partnership between the National Security Agency and the National Institute of Standards and Technology. NIAP has been around for a while, but until some government agencies began purchasing only NIAP-certified products whenever possible, it hadnt been a priority for many vendors.
But that may be changing. On Tuesday SuSE Linux AG and IBM announced that SuSEs flagship Enterprise Server 8.0 running on an IBM eServer xSeries box had received the Common Criteria certification. This is a first for the open-source operating system, which has attracted both criticism and praise from the security community. The certification is seen as an important step in Linuxs continued penetration of the government market.