Looks like this finally made its way into the news, and so I can let you all know about it. My team at the Linux Technology Center, the ``Security and Standards'' team, has just received the official certificate for SuSE Linux Enterprise Server version 8 on IBM xSeries hardware indicating its certification under the Common Criteria Evaluation Assurance Level 2 (CC EAL2). This is the very first Free Software product ever to be certified under the Common Criteria security standard.

There are seven levels of certification under EAL (1-7). We jumped right over EAL1 to certify under EAL2. This was a major project, and it is a big win for Open Source Software.

My team delved right into EAL3 as soon as the application for EAL2 was in. I have been spending most of my time on the project. In particular, I am in charge of developing a suite to test the OpenSSL libraries for functional compliance. I am also heavily involved in writing automated tests for the kernel auditing functions for system calls and trusted programs. It has been loads of fun poking and prodding every single system call that exists in the Linux kernel. :-)

In any case, now that we have a base level of certification, we are not wasting any time toward getting to the next level - EAL3. We started development on the code for EAL3 in early May when I got to the LTC, and we are targeting December for our finish date, when I will be coming back to BYU, which means that I get to be a member of the team for the entire EAL3 certification process. What fun! :-)

It is significant to note that all of our test code is licensed under the GPL and is returned to the community.

A table detailing EAL certification levels is here: http://www.commoncriteria.nl/cc_online/PART3/Part3-EALs.htm Hover the mouse over the cell to get the short description of the requirement for each category. Click to get a lengthier description of the requirement.

EAL2 certification qualifies SuSE Linux Enterprise Server version 8 on IBM xSeries hardware as a valid candidate for government contracts that have the requirement of a CC security certified operating system. Both AIX and Windows NT are certified at EAL4. I cannot comment on plans for GNU/Linux and EAL4 at the moment, but I will leave it as an exercise for the reader to speculate.
;-)

Mike

--
Michael Halcrow | [EMAIL PROTECTED]
Developer, IBM Linux Technology Center
I am in total control, but don't tell my wife.
GnuPG Keyprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
