A Process That Never Ends

SUSE is committed to delivering best effort security to its customers and to the Open Source community. We believe that trust in Open Source Software, security in general, and the user's privacy in particular, are both indispensable and indefeasible. The Security Certifications and Security Solutions Teams continually work to certify all SUSE products, and develop security solutions to ensure the highest level of trust and reliability for our customers.

Latest News

• DISA releases the SLES 15 Security Technical Implementation Guide Benchmark

  01/25/2022 - The Defense Information Systems Agency recently released the automated benchmark for the SLES 15 Security Technical Implementation Guide (STIG), which is effective immediately upon release.  The benchmark is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

• DISA releases the SLES 15 STIG SCAP Benchmark

  01/25/2022 - DISA has released the Security Content Automation Protocol (SCAP) for the SLES 15 Security Technical Implementation Guide (STIG).  The SCAP is available for download at https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLES_15_V1R1_STIG_SCAP_1-2_Benchmark.zip.

• SUSE Linux Enterprise Server 15 SP2 Awarded Common Criteria Certification

  11/11/2021 - SUSE was awarded with the Common Criteria Certification (NIAP OSPP) for SUSE Linux Enterprise Server 15 SP2. This certification is mandatory for work with the United States (US) Federal Government. It demonstrates compliance to NIAP Protection Profile for General Purpose Operating Systems, Version 4.2.1 (CCEVS-VR-PP-0047) with the Extended Package for Secure Shell (SSH), Version 1.0 (CCES-VR-PP-0039). This certification extends our Common Criteria Certification track by US Compliance Regulations enabling US federal entities to profit from SUSE’s Certified Secure Software Supply Chain while complying with all necessary national regulations. 

• SUSE receives NIST FIPs validation for Libica Cryptographic Module running on IBM z15

  10/27/2021 – The National Institute of Standards and Technology (NIST) has awarded SUSE a validation certificate for the Libica Cryptographic Module, a software-hybrid module that provides general purpose cryptographic algorithms to applications running in the user space of the underlying operating system, SUSE Linux Enterprise Server on the IBM Z mainframes.  

• DISA releases updated STIGs for SUSE Linux Enterprise Server 12 and 15

  07/26/2021 – The Defense Information Systems Agency (DISA) has released updated STIGs for SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15.  

• NIST awards FIPs validation for SUSE Linux Enterprise Server 15 SP2

  07/22/2021 – The National Institute of Standards and Technology (NIST) under the Cryptographic Module Validation Program (CMVP) in compliance with the Federal Information Processing Standards (FIPS) 140-2, has validated all modules within SUSE Linux Enterprise Server 15 SP2.

• SUSE Linux Enterprise Server 15 SP2 Awarded Common Criteria Certification (EAL4+)

  07/08/2021 – The German Federal Office for Information Security (BSI) has awarded SUSE the Common Criteria Certification (EAL4+) for SUSE Linux Enterprise Server 15 SP2. This certification is significant in that it demonstrates to our customers SUSE’s dedication and efforts to provide a secure software supply chain developed in accordance with the best government and industry standards; thus providing our customers maximum assurance. The Common Criteria Certification (EAL4+) is the highest attainable for any open source developer. SUSE is extremely pleased as this certification once again demonstrates our commitment to quality, security, and innovation. To read more on software supply chain security issues see the National Institute of Standards and Technology (NIST) article entitled “Defending Against Software Supply Chain Attacks” published April 2021.

• DISA releases the SUSE Linux Enterprise Server 15 STIG

  01/29/2021 – The Defense Information Systems Agency (DISA) has released the SUSE Linux Enterprise Server 15 Security Technical Implementation Guide (STIG).