Raising the security bar one notch higher, SuSE Linux and IBM said that they have achieved a more rigorous security certification for Linux operating system software running on Big Blue servers. With the higher-level security evaluation, the two companies hope to attract governments and organisations with critical operations to open source Linux software.
SuSE's Enterprise Server 8 software with Service Pack 3 running on IBM servers has achieved compliance with the Controlled Access Protection Profile under The Common Criteria for Information Security Evaluation, commonly referred to as CAPP/EAL3+, the software vendor said.
This certification goes beyond security capabilities established in the EAL2+ certification by including, among other things, an auditing system and more exhaustive testing, according to Roman Drahtmüller, director of security development at SuSE.
Last year, IBM and SuSE (which was acquired by Novell last year) achieved the first-ever security certification for Linux, Drahtmüller said. "This certification is a kind of standardisation that enterprises and governments want when it comes to security," he said.
The Common Criteria is an internationally recognised ISO (International Standards Organization) standard used by governments and other organizations to assess the security and assurance of technology products. Under the Common Criteria, products are evaluated according to strict standards for various features, such as security functionality and the handling of security vulnerabilities.
Atsec Information Security evaluated the server software and hardware products of SuSE and IBM, with accreditation coming from the German Federal Office for Information Security.
Later this year, IBM and SuSE plan to pursue the next higher level of security certification, the CAPP/EAL4+.
In addition to Linux, IBM plans to obtain Common Criteria certification of its z/VM virtualisation technology this year, SuSE said. This technology helps mainframe computer customers run tens to even hundreds of instances of the Linux operating system on a single IBM server, according to the German vendor.