Security certification

January 21, 2004

The SuSE Linux Enterprise Server 8 with Service Pack 3 on the IBM eServer family platforms has achieved the world's first Common Criteria CAPP/EAL3+ certificate for an Open Source operating system.
Read the full press release...

In December 2003, five months after issuing the first Common Criteria certificate for an Open Source operating system (CC-EAL2 for SuSE Linux Enterprise Server 8), the German Federal Office for IT Security BSI (Bundesamt für Sicherheit in der Informationstechnik), Bonn, has issued another certificate. The SuSE Linux Enterprise Server 8 with Service Pack 3 has been successfully evaluated under the Common Criteria for IT Security Evaluation, Version2.1, and has reached Evaluation Assurance Level 3, augmented by Life Cycle Support and Basic Flaw Remidiation. The latter two additions to the protection profile (PP) are reflected by the "+" in EAL3+.

In addition to the Intel i386 platform (IBM xSeries), the EAL3+ certificate has been issued for all other IBM eServer family platforms: i- and pSeries platform (ppc), zSeries (s390 mainframe), and the AMD 64 bit platform known as Opteron (x86_64). The product has been evaluated with full compliance to the Controlled Access Protection Profile (CAPP).

The CAPP compliance requires an audit subsystem that has been implemented by the SUSE Security Team members Olaf Kirch and Thomas Biege. The add-on software is named laus (Linux Audit Subsystem) and is distributed under the terms of the Gnu General Public License. The subsystem is highly configurable and is capable of tracking (logging) security critical events in the system, thereby providing a greater transparency to security aspects of the system where it is running. A link to the source code of the laus package will be published here soon.

The evaluation was conducted by atsec information security GmbH, one of the world's leading vendor-independent IT security consulting and security evaluation companies, accredited in Germany by the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). Sponsored by the IBM Corporation, the evaluation marks yet another milestone in Open Source security.

The Common Criteria do not only demand security functions of the operating system, but also require certain processes and procedures of the operating system vendor to be established. Security professionals often doubted that Open Source operating systems could be certified under the Common Criteria due to the difficulty of establishing defined processes in the Open Source community. After the EAL2 certificate issued in July 2004 has proven otherwise, the new EAL3+ certification with full CAPP (Controlled Access Protection Profile) compliance shows that Open Source Software can even achieve higher levels of assurance.

About the Common Criteria and the SLES8 evaluation:

The Common Criteria for IT Security Evaluation provides a set of principles and concepts of IT security evaluation. Its objective is to standardize IT security evaluation methods to easily measure and compare security confidence in IT products, thereby contributing to higher levels of consumer confidence in IT product security.

An independent, accredited evaluation lab conducts the evaluation under the requirements given and defined by the protection profile, the security target and the evaluation assurance level (EAL). The evaluation lab writes Evaluation Technical Reports (ETR) and turns them in to the certification body. This certification office (internationally accredited) then verifies that the evaluator has properly conducted the evaluation and checks the evidence provided in the ETR. If all of the requirements are met, the certification body can issue the certificate.

With the SUSE LINUX Enterprise Server 8 being the first Open Source operating system to be certified under the Common Criteria and under the Evaluation Assurance Level 3, this certification opens a new spectrum of application fields for Open Source Software. By showing proof of the fitness for the enterprise market of both the product and the vendor's processes for development, maintenance and support, the certification reduces investment risk for companies that intend to migrate from conventional operating systems to the SUSE LINUX Enterprise Server.

The CC-CAPP/EAL3+ certificate underlines SUSE's commitment to security and security evaluation. This commitment is an expression of our recognition that security is to be considered a process rather than a state. The next steps in the field of security evaluation will be an increased Evaluation Assurance Level to EAL4+ later in 2004.

More resources:

Read about Past Common Criteria Security Certifications at SUSE.

Read the Security Guide (pdf) to configure the SLES8 to the certified configuration.

Read the Security Target (pdf), also available from the BSI website.

Read the Functional Specification (pdf) and the High Level Design (pdf), also available as PDF documents.

Source-Code of the Linux Audit Subsystem (LAuS)

IBM's Security / Encryption website

The Certification Report (pdf) is published on the BSI website.

The BSI has published a press announcement for the certification of the SuSE Linux Enterprise Server 8. It is written in German language only.