Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

IBM and SUSE LINUX Achieve a Higher Level of Linux Security Certification Across All IBM eServer Systems

  • 22 January, 2004 11:45

<p>IBM and Novell's SUSE LINUX business unit today announced they had achieved new levels of security and operations certification for SUSE that will further enable the adoption of Linux by governments, as well as the Department of Defense for critical command-and-control operations.</p>
<p>SUSE LINUX Enterprise Server 8 with Service Pack 3 on IBM eServers has achieved Controlled Access Protection Profile compliance under The Common Criteria for Information Security Evaluation (CC), commonly referred to as CAPP/EAL3+.</p>
<p>This represents a major expansion from last August, when IBM and SUSE announced they had achieved the first ever security certification for Linux. At that time, EAL2+ certification was announced for IBM's eServer xSeries line. Today's CAPP/EAL3+ achievement crosses the IBM eServer product line - iSeries, xSeries, pSeries and zSeries systems, as well as AMD Opteron-based systems.</p>
<p>CAPP/EAL3+ certification of Linux expands both the functional capabilities and confidence in Linux security beyond that met with the
EAL2+. This was achieved through the addition of an auditing subsystem
in SUSE LINUX Enterprise Server 8 that provides auditing of security critical events. In addition, the CAPP/EAL3+ certification required more exhaustive testing and review.</p>
<p>IBM and SUSE LINUX also announced Common Operating Environment (COE) compliance on IBM xSeries and zSeries platforms with SUSE LINUX Enterprise Server 8, with support for pSeries and iSeries available in the first half of 2004. This achievement means that SUSE LINUX is the first Linux distributor to offer both Common Criteria and COE compliance in the same package, creating the opportunity to run operational applications in a secure environment. COE, a specification created by the US Department of Defense (DoD), addresses functionality and interoperability requirements for commercially acquired IT products within its command-and-control systems.</p>
<p>"Certification under Common Criteria is a requirement for security related products in our environment," said William Wolf, U.S. Navy, Space &amp; Naval Warfare Systems Center, San Diego. "We are encouraged by EAL 3 certification for Linux, as new doors will open to build flexible, cost effective solutions for our end users."</p>
<p>"Today's announcement with SUSE LINUX is another key development fueling the rapid rise of Linux in the government sector," said James Stallings, general manager of Linux for IBM. "The Common Criteria certification across our server line further validates the security and quality of open source software. Additionally, the achievement of the operating environment standard necessary for critical command and control operations signifies that Linux can now be considered on equal footing with other operating systems."</p>
<p>The evaluation was completed by atsec information security GmbH, one of the world's leading vendor-independent IT security consulting companies, and accredited in Germany by the Federal Office for Information Security (BSI).</p>
<p>"Securing the EAL3+ certification is another clear testament to the strength of SUSE's processes," said Roman Drahtmueller, head of security, SUSE LINUX. "Thanks to the close collaboration between SUSE, IBM and atsec, as well as atsec's broad experience in security evaluation, customers now can benefit from security assurances across all IBM platforms that are unique in the Linux market."</p>
<p>The Common Criteria (CC) is an internationally recognized ISO standard (ISO/IEC 15408) used by the Federal government and other organizations to assess security and assurance of technology products. The CC provides a standardized way of expressing security requirements and defines the respective set of rigorous criteria by which the product will be evaluated. It is widely recognized among IT professionals, government agencies, and customers as a seal of approval for mission-critical software.</p>
<p>Under Common Criteria, products are evaluated against strict standards for various features, such as the development environment, security functionality, the handling of security vulnerabilities, security related documentation and product testing. In certifying SUSE LINUX Enterprise Server 8 across IBM eServer systems, atsec information security GmbH evaluated how SUSE LINUX develops, tests and maintains its products, as well as assessing the processes in place at the company for handling security issues in its software.</p>
<p>"BSI considers the increasing number of IT security certificates for IT products as a significant progress in advancing IT security on a broad scale," said Udo Helmbrecht, President of the German Federal Office for Information Security (BSI). "At the same time, certification has a positive effect on the quality of IT products. The certification of SUSE LINUX Enterprise Server 8 also demonstrates that the Common Criteria can definitly be used as basis for IT security certification of open source products."</p>
<p>IBM's commitment to accelerate the development and certification of Linux as a secure, industrial strength operating system is further demonstrated by the joint IBM/SUSE LINUX plan to pursue a higher level of security certification for SUSE Linux - CAPP/EAL4+ - across the IBM eServer product line later this year.</p>
<p>In addition to Linux, IBM plans to obtain Common Criteria certification of z/VM, its premier virtualization technology, in 2004. It is anticipated that z/VM will be certified to conform to the requirements of the Labeled Security Protection Profile (LSPP) and the Controlled Access Protection Profile (CAPP), both at EAL3+. z/VM helps enable mainframe customers to run tens to even hundreds of instances of the Linux operating system on a single IBM zSeries server. And in a future release of z/OS, IBM intends to certify z/OS to the CAPP/EAL3 and the LSPP/EAL3+ levels.</p>
<p>IBM's suite of middleware products are also in line for Common Criteria certification on Linux. Common Criteria certifications have been awarded to IBM Directory Server and Tivoli Access Manager. Many other IBM Software products are now in evaluation for Common Criteria certification. Additional IBM Software products are being prepared to enter the evaluation process. For more information about our current certifications, visit</p>
<p>About IBM
IBM is the world's largest information technology company, with 80 years of leadership in helping businesses innovate. Drawing on resources from across IBM and key IBM Business Partners, IBM offers a wide range of services, solutions and technologies that enable customers, large and small, to take full advantage of the new era of e-business. For more information about IBM and Linux, visit</p>
<p>About Novell
Novell, Inc. (Nasdaq: NOVL) is the leading provider of Net business solutions designed to secure and power the networked world. Novell help organisations solve complex business challenges, simplify their systems and processes, and capture new opportunities with one Net solutions. Novell provides worldwide channel, consulting, education and developer programs to support its products.</p>
<p>Media contacts:</p>
<p>Rebecca Cook
Ph: 03 9866 4722
<p>Emily Harrison
Ph: 03 9866 4722

Most Popular