SuSE Linux and IBM say they have achieved a more rigorous security certification for Linux operating system software running on IBM servers. Both companies hope to attract governments and organisations with critical operations to Linux.
SuSE's Enterprise Server 8 software with Service Pack 3 running on IBM servers has achieved compliance with the Controlled Access Protection Profile under The Common Criteria for Information Security Evaluation, commonly referred to as CAPP/EAL3.
This certification goes beyond security capabilities established in the EAL2+ certification by including, among other things, an auditing system and more exhaustive testing.
Last year, IBM and SuSE achieved the first security certification for Linux. "This certification is a kind of standardisation that enterprises and governments want when it comes to security," said SuSE director of security development Roman Drahtmuller.
The Common Criteria is an internationally recognized International Standards Organisation standard used by governments and other organisations to assess the security and assurance of technology products.
Under the Common Criteria, products are evaluated according to strict standards for various features, such as security functionality and the handling of security vulnerabilities.
Atsec Information Security evaluated SuSE's and IBM's server products, with accreditation coming from the German Federal Office for Information Security.
IBM and SuSE will pursue the next higher level of security certification, the CAPP/EAL4+, later this year.
John Blau writes for IDG News Service