SUSE Receives Common Criteria Security Certifications

March 5, 2013


Affordable, secure computing available for military, government and financial institutions

NUREMBERG, Germany

SUSE® today announced it has received Common Criteria Certificates at Evaluation Assurance Level EAL4, augmented by ALC_FLR.3 (EAL4+) for SUSE Linux Enterprise Server 11 SP2 including KVM virtualization and SUSE Linux Enterprise Server for System z 11 SP2. To achieve the certifications, SUSE’s products and processes for developing and maintaining its products passed a rigorous security evaluation performed by atsec information security. The certificates were issued by the Bundesamt für Sicherheit in der Informationstechnik (BSI), the German Federal Office for IT Security, at the CeBIT expo in Hannover.

The certificates are recognized by 26 countries that have signed the Common Criteria Recognition Arrangement. Commercial and government agencies with environments that demand proven security assurance can trust SUSE Linux Enterprise Server to handle sensitive information affordably with an internationally agreed-upon and widely adopted standard for security evaluation.

"Security is vital to our enterprise customers. Linux has included many advanced security capabilities over the years, such as Mandatory Access Control, and these are now also used by KVM for virtualized environments," said Jean Staten Healy, Director Worldwide Linux and Open Virtualization at IBM. "The Common Criteria certification assures our customers that SUSE Linux Enterprise Server is equipped with the security features that help organizations deliver trusted computing in a range of environments, from governments, to financial institutions, to cloud computing."

"The added requirements of the OSPP-VIRT extended package for SUSE Linux Enterprise Server 11 SP2 including KVM virtualization address secure execution of multiple, separated compartments on a single trusted system and signify an important step forward in regards to virtualization," Sal La Pietra, CEO of atsec information security, commented. "These certifications are proof of SUSE’s commitment towards a sound long-term IT security strategy. We are pleased SUSE selected atsec information security to conduct their Common Criteria evaluations and we commend them, as well as BSI for their hard work that made this project possible."

atsec information security conducted the Common Criteria evaluations for SUSE Linux Enterprise Server 11 SP2, including KVM virtualization, and SUSE Linux Enterprise Server for System z 11 SP2 on Intel 64-bit Xeon, AMD 64-bit Opteron, and IBM System z (z10) architectures. The methodology used was Common Criteria v3.1. The Security Target utilizes Operating System Protection Profile version 2.0 in full compliance. The Evaluation Assurance Level is 4 (EAL4+). The "+" denotes that the Flaw Remediation augmentation (ALC_FLR.3) was added to the Security Target. "Flaw Remediation" refers to the processes SUSE has in place for fixing security vulnerabilities.

About Common Criteria

The Common Criteria for Information Technology Security Evaluation is an international standard (ISO/IEC 15408). The current applicable version of CC is V3.1R3 and is available at www.commoncriteriaportal.org.

About SUSE

SUSE, a pioneer in open source software, provides reliable, interoperable Linux and cloud infrastructure solutions that give enterprises greater control and flexibility. More than 20 years of engineering excellence, exceptional service and an unrivaled partner ecosystem power the products and support that help our customers manage complexity, reduce cost, and confidently deliver mission-critical services. The lasting relationships we build allow us to adapt and deliver the smarter innovation they need to succeed—today and tomorrow. For more information, visit us at suse.com.