atsec evaluates Oracle® Enterprise Linux at Common Criteria EAL 4+2008-11-17
Austin, TX - atsec information security announced today that Oracle® Enterprise Linux Version 5 Update 1 has been certified by the German Common Criteria scheme as conformant to EAL4+ and the Controlled Access Protection Profile (CAPP), Role Based Access Control (RBAC), and Labeled Security Protection Profile (LSPP). The evaluation also covers Oracle Enterprise Linux 5 Update 1 executed in a guest domain on Oracle VM server virtualization software, demonstrating an EAL4+ certified environment. This evaluation adds to atsec’s impressive record of timely completions of Linux operating system evaluations. Since August 2003, atsec has initiated and completed more than 15 Linux evaluations at EAL3+ and EAL4+ on a broad range of hardware platforms. Completion of CC projects, in conjunction with a company’s development schedules, are important in order to reach their markets effectively and take the maximum benefit from their evaluation investment.
The Common Criteria standard is flexible and adapts to a variety of software paradigms – as atsec has shown by applying the methodology to open source software. atsec performed the first ever CC evaluation of a Linux operating system in 2003.
Stephan Mueller, Lead Evaluator for atsec, notes: “This evaluation extends the scope compared to previous evaluations as it now allows the execution of Oracle Enterprise Linux 5 Update 1 in an unprivileged Oracle VM domain, including the use of para-virtualized drivers.”
Only a handful of companies worldwide are accredited to perform evaluations under more than one national scheme. atsec’s Common Criteria labs have been accredited by NIAP CCEVS in the U.S., BSI in Germany and CSEC in Sweden to perform evaluations. This international presence and a large staff of qualified evaluators enable atsec to offer its customers both maximum flexibility and proven expertise and experience in Common Criteria evaluations. You can find more information about atsec’s qualifications and competence on our website (www.atsec.com). For independent confirmation of atsec’s Common Criteria capabilities, visit the NIAP, BSI or CSEC websites.
About atsec information security
atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, the U.K., and China. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf. For more information please visit www.atsec.com.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates.