NEW YORK—IBM and Novell Inc.s SuSE Linux used the annual LinuxWorld conference and expo here to make several announcements on Linux security assessment and assurance. The companies on Wednesday said that SuSE Linux Enterprise Server 8 on IBM eServers had achieved Controlled Access Protection Profile compliance under The Common Criteria for Information Security Evaluation (CC), commonly referred to as CAPP/EAL3+.
The two firms also announced Common Operating Environment (COE) compliance on IBM xSeries and zSeries platforms for SuSE Linux Enterprise Server 8. Support for pSeries and iSeries will be available in the first half of this year.
The Common Criteria (CC) is an internationally recognized ISO standard (ISO/IEC 15408) used by the Federal government and other organizations to assess security and assurance of technology products.
It provides a standardized way of expressing security requirements and defines the respective set of rigorous criteria by which the product will be evaluated. The standard is widely recognized among IT professionals, government agencies, and customers as a seal of approval for mission-critical software.
For its part, the COE is a specification created by the U.S. Department of Defense (DoD) that addresses functionality and interoperability requirements for commercially-acquired IT products within its command-and-control systems.
These latest moves represent a significant expansion from last August, when IBM and SuSE announced they had achieved the first ever security certification for Linux. At that time, EAL2 (Evaluation Assurance Level 2) certification was announced for IBMs eServer xSeries line.
The latest CAPP/EAL3+ achievement crosses the IBM eServer product line—iSeries, xSeries, pSeries and zSeries systems, as well as Advanced Micro Devices Inc. Opteron-based systems.
“Todays announcement with SuSE Linux is another key development fueling the rapid rise of Linux in the government sector,” said James Stallings, the general manager of Linux for IBM. “The Common Criteria certification across our server line further validates the security and quality of open source software.”
“Additionally, the achievement of the operating environment standard necessary for critical command-and-control operations signifies that Linux can now be considered on equal footing with other operating systems,” Stallings continued.
IBM also plans to obtain Common Criteria certification of z/VM, its premier virtualization technology, in 2004, while its suite of middleware products is also in line for Common Criteria certification on Linux.
Common Criteria certifications have been awarded to IBM Directory Server and Tivoli Access Manager and other software products are now in evaluation for Common Criteria certification.