A Process That Never Ends

SUSE is committed to delivering best effort security to its customers and to the Open Source community. We believe that trust in Open Source Software, security in general, and the user's privacy in particular, are both indispensable and indefeasible. The Security Certifications and Security Solutions Teams continually work to certify all SUSE products, and develop security solutions to ensure the highest level of trust and reliability for our customers.

Latest News

• DISA releases SUSE Linux Enterprise Server 15 STIG with Ansible

  07/07/2022 - SUSE is happy to announce the Defense Information Systems Agency (DISA) release of the SUSE Linux Enterprise Server 15 Security Technical Implementation Guide (STIG) with Ansible. This content is published as a resource to assist in the application of security guidance to systems.  The STIG may be accessed at: https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLES_15_V1R6_STIG_Ansible.zip

• SUSE becomes collaborator with NIST in the Automation of the Cryptographic Module Validation Program

  06/23/2022 - SUSE is proud to be a collaborating vendor with the National Institute of Standards and Technology (NIST) on the Automation of the Cryptographic Module Validation Program (ACMVP). "The National Cybersecurity Center of Excellence (NCCoE), a part of NIST, is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. Through this collaboration, the NCCoE develops modular, easily adaptable example cybersecurity solutions using standards, best practices, and commercially available technology." SUSE looks forward to our joint activities with NIST and the other vendors in the program. You can read more at the NIST ACMVP website.

• SUSE publishes the SUSE Security Situation Advisory Guide

  06/13/2022 - SUSE has translated into English its SUSE Security Situation Advisory Guide (SUSE S2 UAG) v. 1.1.  This guide provides an overview of possible immediate actions and approaches that can be taken with SUSE customer products.  It can be accessed via: https://links.imagerelay.com/cdn/3404/ql/0fb22d6c1aa740bf829f863d5841981a/SUSE_Security_Situation_Advisory_Guide__SUSE_S2UAG.pdf

• SUSE achieves Google Supply-chain Levels for Software Artifacts (SLSA) Level 4 Compliant Supply Chain

  06/07/2022 - SUSE has added SLSA Level 4 compliance to existing security certifications. SUSE Linux Enterprise (SLE) 15 SP4 is the first Linux distribution to deliver packages under the demanding Google SLSA standard distinctly adding a SLSA Level 4 Compliant Supply Chain that helps to protect against the increasing software security and supply chain threats customers face today.  Our SLSA: Securing the Software Supply Chain document details how SUSE, as a long-time champion and expert of software supply chain security, prepared for SLSA Level 4 compliance. You may also access the SUSECON Digital 22 presentation by Markus Noga, General Manager Linux Business Unit, where he talks with Google about this achievement.

• DISA releases the SUSE Rancher Manager Security Technical Implementation Guide (STIG)

  04/19/2022 - The Defense Information Systems Agency recently released the SUSE Rancher Manager Security Technical Implementation Guide (STIG), which is effective immediately upon release.  The STIG is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/. 

• DISA releases the SLES 15 Security Technical Implementation Guide Benchmark

  01/25/2022 - The Defense Information Systems Agency recently released the automated benchmark for the SLES 15 Security Technical Implementation Guide (STIG), which is effective immediately upon release.  The benchmark is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

• DISA releases the SLES 15 STIG SCAP Benchmark

  01/25/2022 - DISA has released the Security Content Automation Protocol (SCAP) for the SLES 15 Security Technical Implementation Guide (STIG).  The SCAP is available for download at https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLES_15_V1R1_STIG_SCAP_1-2_Benchmark.zip.

• SUSE Linux Enterprise Server 15 SP2 Awarded Common Criteria Certification

  11/11/2021 - SUSE was awarded with the Common Criteria Certification (NIAP OSPP) for SUSE Linux Enterprise Server 15 SP2. This certification is mandatory for work with the United States (US) Federal Government. It demonstrates compliance to NIAP Protection Profile for General Purpose Operating Systems, Version 4.2.1 (CCEVS-VR-PP-0047) with the Extended Package for Secure Shell (SSH), Version 1.0 (CCES-VR-PP-0039). This certification extends our Common Criteria Certification track by US Compliance Regulations enabling US federal entities to profit from SUSE’s Certified Secure Software Supply Chain while complying with all necessary national regulations. 

• SUSE receives NIST FIPs validation for Libica Cryptographic Module running on IBM z15

  10/27/2021 – The National Institute of Standards and Technology (NIST) has awarded SUSE a validation certificate for the Libica Cryptographic Module, a software-hybrid module that provides general purpose cryptographic algorithms to applications running in the user space of the underlying operating system, SUSE Linux Enterprise Server on the IBM Z mainframes.  

• DISA releases updated STIGs for SUSE Linux Enterprise Server 12 and 15

  07/26/2021 – The Defense Information Systems Agency (DISA) has released updated STIGs for SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15.  

• NIST awards FIPs validation for SUSE Linux Enterprise Server 15 SP2

  07/22/2021 – The National Institute of Standards and Technology (NIST) under the Cryptographic Module Validation Program (CMVP) in compliance with the Federal Information Processing Standards (FIPS) 140-2, has validated all modules within SUSE Linux Enterprise Server 15 SP2.

• SUSE Linux Enterprise Server 15 SP2 Awarded Common Criteria Certification (EAL4+)

  07/08/2021 – The German Federal Office for Information Security (BSI) has awarded SUSE the Common Criteria Certification (EAL4+) for SUSE Linux Enterprise Server 15 SP2. This certification is significant in that it demonstrates to our customers SUSE’s dedication and efforts to provide a secure software supply chain developed in accordance with the best government and industry standards; thus providing our customers maximum assurance. The Common Criteria Certification (EAL4+) is the highest attainable for any open source developer. SUSE is extremely pleased as this certification once again demonstrates our commitment to quality, security, and innovation. To read more on software supply chain security issues see the National Institute of Standards and Technology (NIST) article entitled “Defending Against Software Supply Chain Attacks” published April 2021.

• DISA releases the SUSE Linux Enterprise Server 15 STIG

  01/29/2021 – The Defense Information Systems Agency (DISA) has released the SUSE Linux Enterprise Server 15 Security Technical Implementation Guide (STIG).