A Process That Never Ends

SUSE is committed to delivering best effort security to its customers and to the Open Source community. We believe that trust in Open Source Software, security in general, and the user's privacy in particular, are both indispensable and indefeasible. The Security Certifications and Security Solutions Teams continually work to certify all SUSE products, and develop security solutions to ensure the highest level of trust and reliability for our customers.

Latest News

• SUSE Linux Entrprise Micro receives PSA Certified Level 1

  01/17/2023 - SUSE Linux Enterprise Micro 5.2 (SLE Micro) has received the PSA Certified Security Assurance Certificate (PSA Certified Level 1) on ARM. PSA (Platform Security Architecture) Certified is a security certification scheme for Internet of Things (IoT) hardware, software and devices. You can view our certification at: https://www.psacertified.org/products/suse-linux-enterprise-micro/

• SUSE Obtains Two Certifications from NQA Endorsing Our Compliance with the ISO Standards

  12/06/2022 - SUSE is committed to building security into the foundation of our work that meets the most stringent industry and compliance standards as well as dedicated to the continuous improvement cycle of providing customers with security that protects their data.  

  We have implemented the ISO 27001 and its ISO 27701 in full scope and with all of the clauses and achieved certification of our Information Security Management System (ISMS) and the Privacy Information Management System (PIMS) to the respective standards, attesting to our commitment of secure innovation, with focus on privacy, rights and freedoms of individuals. In doing so, SUSE has obtained two certifications from NQA, the leading independent provider of environmental simulation testing, inspection and certification services, that spans across everything within SUSE and our entities, including all countries we operate in, subsidiaries and all processes.

  The ISMS & PIMS of SUSE (as PII Controller and Processor) applies to all client facing services, internal services, processed information including personal data related to employees, clients, openSUSE Community and other interested parties, related IT and non-it supporting infrastructure as detailed in the latest statement of Applicability version 1.0.

  For additional information, you can download the certifications accessing the below links:

  • ISO 27001
  • ISO 27701 

• DISA releases SUSE Rancher Kubernetes Engine 2 STIG

  10/31/2022 - SUSE is happy to announce the Defense Information Systems Agency (DISA) release of the SUSE Rancher Kubernetes Engine 2 Security Technical Implementation Guide (STIG). This content is published as a resource to assist in the application of security guidance to systems.  The STIG may be accessed at: https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RGS_RKE2_V1R1_STIG.zip

• SUSE awarded the Certificate of Software Quality by the Telecommunications Technology Association of Korea

  08/01/2022 - SUSE has been awarded the Certificate of Software Quality Level 1 (Certificate #22-0353), also known as the Good Software (GS) Certification, by the Telecommunications Technology Association (TTA) of the Republic of Korea, for its SUSE Linux Enterprise Server 15.  "The GS (Good Software) Certification certifies good quality software based on international standards, ISO/IEC 25023, 25051 and 25041 to improve the quality of software products and promote the spread of high quality products."  Certificate can be viewed at: https://sw.tta.or.kr/product/prod_gsce_view.jsp?num=7255&pa=2d56c77a3d1739509363eafd002e37bb

• SUSE becomes collaborator with NIST in the Automation of the Cryptographic Module Validation Program

  06/23/2022 - SUSE is proud to be a collaborating vendor with the National Institute of Standards and Technology (NIST) on the Automation of the Cryptographic Module Validation Program (ACMVP). "The National Cybersecurity Center of Excellence (NCCoE), a part of NIST, is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. Through this collaboration, the NCCoE develops modular, easily adaptable example cybersecurity solutions using standards, best practices, and commercially available technology." SUSE looks forward to our joint activities with NIST and the other vendors in the program. You can read more at the NIST ACMVP website.

• SUSE publishes the SUSE Security Situation Advisory Guide

  06/13/2022 - SUSE has translated into English its SUSE Security Situation Advisory Guide (SUSE S2 UAG) v. 1.1.  This guide provides an overview of possible immediate actions and approaches that can be taken with SUSE customer products.  It can be accessed via: https://links.imagerelay.com/cdn/3404/ql/0fb22d6c1aa740bf829f863d5841981a/SUSE_Security_Situation_Advisory_Guide__SUSE_S2UAG.pdf

• SUSE achieves Google Supply-chain Levels for Software Artifacts (SLSA) Level 4 Compliant Supply Chain

  06/07/2022 - SUSE has added SLSA Level 4 compliance to existing security certifications. SUSE Linux Enterprise (SLE) 15 SP4 is the first Linux distribution to deliver packages under the demanding Google SLSA standard distinctly adding a SLSA Level 4 Compliant Supply Chain that helps to protect against the increasing software security and supply chain threats customers face today.  Our SLSA: Securing the Software Supply Chain document details how SUSE, as a long-time champion and expert of software supply chain security, prepared for SLSA Level 4 compliance. You may also access the SUSECON Digital 22 presentation by Markus Noga, General Manager Linux Business Unit, where he talks with Google about this achievement.

• DISA releases the SUSE Rancher Manager Security Technical Implementation Guide (STIG)

  04/19/2022 - The Defense Information Systems Agency recently released the SUSE Rancher Manager Security Technical Implementation Guide (STIG), which is effective immediately upon release.  The STIG is also available on the Cyber Exchange public site at https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RGS_MCM_V1R1_STIG.zip

• DISA releases the SLES 15 Security Technical Implementation Guide Benchmark

  01/25/2022 - The Defense Information Systems Agency recently released the automated benchmark for the SLES 15 Security Technical Implementation Guide (STIG), which is effective immediately upon release.  The benchmark is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

• DISA releases the SLES 15 STIG SCAP Benchmark

  01/25/2022 - DISA has released the Security Content Automation Protocol (SCAP) for the SLES 15 Security Technical Implementation Guide (STIG).  The SCAP is available for download at https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLES_15_V1R1_STIG_SCAP_1-2_Benchmark.zip.

• SUSE Linux Enterprise Server 15 SP2 Awarded Common Criteria Certification

  11/11/2021 - SUSE was awarded with the Common Criteria Certification (NIAP OSPP) for SUSE Linux Enterprise Server 15 SP2. This certification is mandatory for work with the United States (US) Federal Government. It demonstrates compliance to NIAP Protection Profile for General Purpose Operating Systems, Version 4.2.1 (CCEVS-VR-PP-0047) with the Extended Package for Secure Shell (SSH), Version 1.0 (CCES-VR-PP-0039). This certification extends our Common Criteria Certification track by US Compliance Regulations enabling US federal entities to profit from SUSE’s Certified Secure Software Supply Chain while complying with all necessary national regulations. 

• SUSE receives NIST FIPs validation for Libica Cryptographic Module running on IBM z15

  10/27/2021 – The National Institute of Standards and Technology (NIST) has awarded SUSE a validation certificate for the Libica Cryptographic Module, a software-hybrid module that provides general purpose cryptographic algorithms to applications running in the user space of the underlying operating system, SUSE Linux Enterprise Server on the IBM Z mainframes.  

• DISA releases updated STIGs for SUSE Linux Enterprise Server 12 and 15

  07/26/2021 – The Defense Information Systems Agency (DISA) has released updated STIGs for SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15.  

• NIST awards FIPs validation for SUSE Linux Enterprise Server 15 SP2

  07/22/2021 – The National Institute of Standards and Technology (NIST) under the Cryptographic Module Validation Program (CMVP) in compliance with the Federal Information Processing Standards (FIPS) 140-2, has validated all modules within SUSE Linux Enterprise Server 15 SP2.

• SUSE Linux Enterprise Server 15 SP2 Awarded Common Criteria Certification (EAL4+)

  07/08/2021 – The German Federal Office for Information Security (BSI) has awarded SUSE the Common Criteria Certification (EAL4+) for SUSE Linux Enterprise Server 15 SP2. This certification is significant in that it demonstrates to our customers SUSE’s dedication and efforts to provide a secure software supply chain developed in accordance with the best government and industry standards; thus providing our customers maximum assurance. The Common Criteria Certification (EAL4+) is the highest attainable for any open source developer. SUSE is extremely pleased as this certification once again demonstrates our commitment to quality, security, and innovation. To read more on software supply chain security issues see the National Institute of Standards and Technology (NIST) article entitled “Defending Against Software Supply Chain Attacks” published April 2021.

• DISA releases the SUSE Linux Enterprise Server 15 STIG

  01/29/2021 – The Defense Information Systems Agency (DISA) has released the SUSE Linux Enterprise Server 15 Security Technical Implementation Guide (STIG).

• National Cryptologic Centre (Spain) Recognition

  01/10/2021 – The National Cryptologic Centre (CCN) an organisation within the National Intelligence Centre (CNI) of Spain has designated SUSE Linux Enterprise Server with the highest rating of ENS High for qualified products for the Spanish Government.