SUSE Certifications and Features

JUMP TO...

SUSE Linux Enterprise

Rancher

A Process That Never Ends

SUSE is committed to delivering best effort security to its customers and to the Open Source community. We believe that trust in Open Source Software, security in general, and the user's privacy in particular, are both indispensable and indefeasible. The Security Certifications and Security Solutions Teams continually work to certify all SUSE products, and develop security solutions to ensure the highest level of trust and reliability for our customers.

Latest News

  • NIST CMVP Process for FIPS Validation and Updates, Patches, and CVEs

    02/07/2025 - NIST has updated their site outlining the process for handling updates, patches, and CVEs for certified modules. You can read their statement at: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/cmvp-flow in the section entitled "FIPS Validation and Updates, Patches, and CVEs".

  • SUSE receives SOC2 and SOC3 Certification

    02/06/2025 - SUSE has attained SOC 2 and SOC 3 information security certification for both SUSE Corporate, as well as for Rancher Prime Hosted. The SOC 2 (Service Organization Control) Type 2 reports for SUSE Corporate and Rancher Prime Hosted provide a comprehensive assessment of SUSE’s organizational security controls over the one-year audit period, and they demonstrate to our clients and partners that their data is being protected effectively and consistently. It also builds trust by proving SUSE has a defined set of security practices in place and operates them effectively. All of which are crucial for securing business deals, especially with large enterprises that require high data security standards, lowering risks, and identifying potential gaps that require additional or modified policies and procedures. SOC 2 reports are need-to-know basis and can be provide to our clients upon request. SOC 3 reports will be available online.

  • SUSE SLE Micro 5.3 attains Common Criteria Certification

    01/24/2025 - SUSE SLE Micro 5.3 has attained Common Criteria (CC) Certification. It is the first-ever product security certification for SLE Micro and documents compliance with the CC standard for the NIAP General Purpose Operation System (GPOS) protection profile. More information can be found at: https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Betriebssysteme/1214.html and https://www.suse.com/support/security/certifications/. This certification is often required for customers in regulated markets (financial services, health, pharma, governments, etc.).

  • SUSE Receives Renewed ISO 27001 and ISO 27701 Certifications

    January 2025 - SUSE has successfully obtained renewed certifications for ISO 27001 and ISO 27701 from NQA. These renewed certifications serve as a testament to SUSE's ongoing dedication to excellence, providing our customers with the assurance that our practices meet the highest industry and compliance standards. 

    You can download the renewed certifications accessing the below links:

  • SUSE receives USGv6 certification of SUSE Linux Micro 6.1 from the University of New Hampshire Interoperability Laboratory

    12/17/2024 - SUSE Linux Micro 6.1 (SL Micro) has been certified by the University of New Hampshire Interoperability Laboratory (UNH-IOL) against the technical requirements of the USGv6-r1 profile. UNH-IOL provides testing and evaluation services of IPv6 technologies and certifies compliance.

  • SUSE receives NIST FIPS 140-3 validation of the SUSE Linux Enterprise Server Libica Cryptographic Module

    10/07/2024 - SUSE has attained NIST FIPS 140-3 certification of our SUSE Linux Enterprise Server (SLES) Libica Cryptographic Module thus completing the full certification process of SLES 15 SP4.

  • SLES 15 receives Common Criteria EAL4 certification from Korean IT Security Certification Center

    08/20/2024 - SUSE has attained a Common Criteria EAL4 level security certification for SUSE Linux Enterprise Server (SLES) 15 from the Korean Information Technology Security Certification Center (ITSCC), who evaluate and certify products for use by government agencies of the Republic of Korea.  SLES 15 is now listed on the ITSCC Approved Product Database permitting all agencies and organizations to utilize our product. The certificate can be viewed or retrieved from: https://www.itscc.kr/certprod/listA.do  

  • DISA releases the SUSE Linux Enterprise Micro 5 Security Technical Implementation Guide

    06/20/2024 - DISA has released the SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide (STIG).  The STIG can be downloaded from the DISA Document Library at: https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLEM_5_V1R1_STIG.zip

  • NIST validates the SUSE Rancher Kubernetes Cryptographic Library

    04/21/2024 - SUSE has received NIST validation under FIPS 140-2 for its SUSE Rancher Kubernetes Cryptographic Library. The certificate can be reviewed at: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4691

  • SUSE Receives Renewed ISO 27001 and ISO 27701 Certifications

    01/19/2024 - SUSE has successfully obtained renewed certifications for ISO 27001 and ISO 27701 from NQA. These renewed certifications serve as a testament to SUSE's ongoing dedication to excellence, providing our customers with the assurance that our practices meet the highest industry and compliance standards. 

    You can download the renewed certifications by accessing the below links:

  • UNH-IOL certifies SUSE Linux Enterprise Micro 5.5

    01/18/2024 - The University of New Hampshire Interoperability Laboratory (UNH-IOL) has certified SUSE Linux Enterprise Micro (SLE Micro) 5.5 under the USGv6 R1 technical requirements, and under the IPv6 Ready Logo Program.

  • UNH-IOL certifies SUSE Linux Enterprise Server 15 SP5

    01/17/2024 - The University of New Hampshire Interoperability Laboratory (UNH-IOL) has certified SUSE Linux Enterprise Server 15 SP 5 (SLES 15 SP5) under the USGv6R1 technical requirements, and under the IPv6 Ready Logo Program.

  • SUSE achieves Chinese Government Standard GB 18030 certification

    01/16/2024 - SUSE has achieved certification by the Chinese government for SUSE Linux Enterprise 15 for the GB 18030 standards.  The GB 18030 is the Chinese ideographic character set and encoding standard mandated by the Chinese government.  It was updated in 2022 supports the extended character support, and was implemented August 1, 2023. 

  • SUSE SLES 15 SP4 Common Criteria Certified

    12/15/2023 - SUSE Linux Enterprise Server 15 SP4 is now Common Criteria certified with the BSI scheme.  This guarantees that our operating system meets all the requirements of the NIAP Protection Profile General Purpose Operating System along with Functional Package for Secure Shell (SSH).

  • SUSE achieves AICPA SOC2 Compliance

    11/01/2023 - SUSE has achieved the AICPA System and Organization Controls (SOC2) Type 1 certification.  The audit was conducted by Armanino LLP, one of the largest independent accounting and business consulting firms in the United States.  SUSE is proud to provide yet another level of compliance to its clients.

  • SUSE Rancher Hosted achieves AICPA SOC2 Type 2 Compliance

    11/01/2023 - SUSE Rancher Hosted completed its annual SOC2 audit conducted by Armanino LLP, and has achieved SOC2 Type 2 Compliance.

  • University of New Hampshire Interoperability Laboratory certifies SUSE Linux Enterprise Micro 5.4

    09/29/2023 - The University of New Hampshire Interoperability Laboratory (UNH-IOL) has certified SUSE Linux Enterprise Micro (SLE Micro) 5.4 under the USGv6 R1 technical requirements. UNH-IOL provides testing and evaluation services of IPv6 technologies and certifies compliance.

  • UNH-IOL certifies SUSE Linux Enterprise Micro 5.3 IPv6 Ready

    08/23/2023 - The University of New Hampshire Interoperability Laboratory (UNH-IOL) has certified SUSE Linux Enterprise Micro (SLE Micro) 5.3 under the IPv6 Ready Logo Program.

  • UNH-IOL certifies SUSE Linux Enterprise Server 15 SP4

    06/05/2023 - The University of New Hampshire Interoperability Laboratory (UNH-IOL) has certified SUSE Linux Enterprise Server (SLES) 15 SP4 under the USGv6 R1 technical requirements. UNH-IOL provides testing and evaluation services of IPv6 technologies and certifies compliance.

  • NIST validates 17 new algorithms under the Cryptographic Algorithm Validation Program for SUSE Linux Enterprise Server 15 SP4

    04/26/2023 - NIST has validated 17 new algorithms for SUSE Linux Enterprise Server (SLES) 15 SP4. You can view these certifications at: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation-search?searchMode=implementation&vendor=suse&productType=-1&dateFrom=03%2F01%2F2023&dateTo=07%2F31%2F2023&ipp=250

  • SUSE Linux Entrprise Micro receives PSA Certified Level 1

    01/17/2023 - SUSE Linux Enterprise Micro 5.2 (SLE Micro) has received the PSA Certified Security Assurance Certificate (PSA Certified Level 1) on ARM. PSA (Platform Security Architecture) Certified is a security certification scheme for Internet of Things (IoT) hardware, software and devices. You can view our certification at: https://www.psacertified.org/products/suse-linux-enterprise-micro/

  • SUSE Obtains Two Certifications from NQA Endorsing Our Compliance with the ISO Standards

    12/06/2022 - SUSE is committed to building security into the foundation of our work that meets the most stringent industry and compliance standards as well as dedicated to the continuous improvement cycle of providing customers with security that protects their data.  

    We have implemented the ISO 27001 and its ISO 27701 in full scope and with all of the clauses and achieved certification of our Information Security Management System (ISMS) and the Privacy Information Management System (PIMS) to the respective standards, attesting to our commitment of secure innovation, with focus on privacy, rights and freedoms of individuals. In doing so, SUSE has obtained two certifications from NQA, the leading independent provider of environmental simulation testing, inspection and certification services, that spans across everything within SUSE and our entities, including all countries we operate in, subsidiaries and all processes.

    The ISMS & PIMS of SUSE (as PII Controller and Processor) applies to all client facing services, internal services, processed information including personal data related to employees, clients, openSUSE Community and other interested parties, related IT and non-it supporting infrastructure as detailed in the latest statement of Applicability version 1.0.

    For additional information, you can download the certifications accessing the below links:

  • DISA releases SUSE Rancher Kubernetes Engine 2 STIG

    10/31/2022 - SUSE is happy to announce the Defense Information Systems Agency (DISA) release of the SUSE Rancher Kubernetes Engine 2 Security Technical Implementation Guide (STIG). This content is published as a resource to assist in the application of security guidance to systems.  The STIG may be accessed at: https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RGS_RKE2_V1R1_STIG.zip

  • SUSE awarded the Certificate of Software Quality by the Telecommunications Technology Association of Korea

    08/01/2022 - SUSE has been awarded the Certificate of Software Quality Level 1 (Certificate #22-0353), also known as the Good Software (GS) Certification, by the Telecommunications Technology Association (TTA) of the Republic of Korea, for its SUSE Linux Enterprise Server 15.  "The GS (Good Software) Certification certifies good quality software based on international standards, ISO/IEC 25023, 25051 and 25041 to improve the quality of software products and promote the spread of high quality products."  Certificate can be viewed at: https://sw.tta.or.kr/product/prod_gsce_view.jsp?num=7255&pa=2d56c77a3d1739509363eafd002e37bb

  • SUSE becomes collaborator with NIST in the Automation of the Cryptographic Module Validation Program

    06/23/2022 - SUSE is proud to be a collaborating vendor with the National Institute of Standards and Technology (NIST) on the Automation of the Cryptographic Module Validation Program (ACMVP). "The National Cybersecurity Center of Excellence (NCCoE), a part of NIST, is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. Through this collaboration, the NCCoE develops modular, easily adaptable example cybersecurity solutions using standards, best practices, and commercially available technology." SUSE looks forward to our joint activities with NIST and the other vendors in the program. You can read more at the NIST ACMVP website.

  • SUSE publishes the SUSE Security Situation Advisory Guide

    06/13/2022 - SUSE has translated into English its SUSE Security Situation Advisory Guide (SUSE S2 UAG) v. 1.1.  This guide provides an overview of possible immediate actions and approaches that can be taken with SUSE customer products.  It can be accessed via: https://links.imagerelay.com/cdn/3404/ql/0fb22d6c1aa740bf829f863d5841981a/SUSE_Security_Situation_Advisory_Guide__SUSE_S2UAG.pdf

  • SUSE achieves Google Supply-chain Levels for Software Artifacts (SLSA) Level 4 Compliant Supply Chain

    06/07/2022 - SUSE has added SLSA Level 4 compliance to existing security certifications. SUSE Linux Enterprise (SLE) 15 SP4 is the first Linux distribution to deliver packages under the demanding Google SLSA standard distinctly adding a SLSA Level 4 Compliant Supply Chain that helps to protect against the increasing software security and supply chain threats customers face today.  Our SLSA: Securing the Software Supply Chain document details how SUSE, as a long-time champion and expert of software supply chain security, prepared for SLSA Level 4 compliance. You may also access the SUSECON Digital 22 presentation by Markus Noga, General Manager Linux Business Unit, where he talks with Google about this achievement.

  • DISA releases the SUSE Rancher Manager Security Technical Implementation Guide (STIG)

    04/19/2022 - The Defense Information Systems Agency recently released the SUSE Rancher Manager Security Technical Implementation Guide (STIG), which is effective immediately upon release.  The STIG is also available on the Cyber Exchange public site at https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RGS_MCM_V1R1_STIG.zip

  • DISA releases the SLES 15 Security Technical Implementation Guide Benchmark

    01/25/2022 - The Defense Information Systems Agency recently released the automated benchmark for the SLES 15 Security Technical Implementation Guide (STIG), which is effective immediately upon release.  The benchmark is also available on the Cyber Exchange public site at https://public.cyber.mil/stigs/downloads/.

  • DISA releases the SLES 15 STIG SCAP Benchmark

    01/25/2022 - DISA has released the Security Content Automation Protocol (SCAP) for the SLES 15 Security Technical Implementation Guide (STIG).  The SCAP is available for download at https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLES_15_V1R1_STIG_SCAP_1-2_Benchmark.zip.

  • SUSE Linux Enterprise Server 15 SP2 Awarded Common Criteria Certification

    11/11/2021 - SUSE was awarded with the Common Criteria Certification (NIAP OSPP) for SUSE Linux Enterprise Server 15 SP2. This certification is mandatory for work with the United States (US) Federal Government. It demonstrates compliance to NIAP Protection Profile for General Purpose Operating Systems, Version 4.2.1 (CCEVS-VR-PP-0047) with the Extended Package for Secure Shell (SSH), Version 1.0 (CCES-VR-PP-0039). This certification extends our Common Criteria Certification track by US Compliance Regulations enabling US federal entities to profit from SUSE’s Certified Secure Software Supply Chain while complying with all necessary national regulations. 

  • SUSE receives NIST FIPs validation for Libica Cryptographic Module running on IBM z15

    10/27/2021 – The National Institute of Standards and Technology (NIST) has awarded SUSE a validation certificate for the Libica Cryptographic Module, a software-hybrid module that provides general purpose cryptographic algorithms to applications running in the user space of the underlying operating system, SUSE Linux Enterprise Server on the IBM Z mainframes.  

  • DISA releases updated STIGs for SUSE Linux Enterprise Server 12 and 15

    07/26/2021 – The Defense Information Systems Agency (DISA) has released updated STIGs for SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15.  

  • NIST awards FIPs validation for SUSE Linux Enterprise Server 15 SP2

    07/22/2021 – The National Institute of Standards and Technology (NIST) under the Cryptographic Module Validation Program (CMVP) in compliance with the Federal Information Processing Standards (FIPS) 140-2, has validated all modules within SUSE Linux Enterprise Server 15 SP2.

  • SUSE Linux Enterprise Server 15 SP2 Awarded Common Criteria Certification (EAL4+)

    07/08/2021 – The German Federal Office for Information Security (BSI) has awarded SUSE the Common Criteria Certification (EAL4+) for SUSE Linux Enterprise Server 15 SP2. This certification is significant in that it demonstrates to our customers SUSE’s dedication and efforts to provide a secure software supply chain developed in accordance with the best government and industry standards; thus providing our customers maximum assurance. The Common Criteria Certification (EAL4+) is the highest attainable for any open source developer. SUSE is extremely pleased as this certification once again demonstrates our commitment to quality, security, and innovation. To read more on software supply chain security issues see the National Institute of Standards and Technology (NIST) article entitled “Defending Against Software Supply Chain Attacks” published April 2021.

  • DISA releases the SUSE Linux Enterprise Server 15 STIG

    01/29/2021 – The Defense Information Systems Agency (DISA) has released the SUSE Linux Enterprise Server 15 Security Technical Implementation Guide (STIG).

  • National Cryptologic Centre (Spain) Recognition

    01/10/2021 – The National Cryptologic Centre (CCN) an organisation within the National Intelligence Centre (CNI) of Spain has designated SUSE Linux Enterprise Server with the highest rating of ENS High for qualified products for the Spanish Government.