Raising the security bar one notch higher, SuSE Linux AG and IBM Corp. said Wednesday they have achieved a more rigorous security certification for Linux operating system software running on Big Blue servers. With the higher-level security evaluation, the two companies hope to attract governments and organizations with critical operations to open source Linux software.
SuSE's Enterprise Server 8 software with Service Pack 3 running on IBM servers has achieved compliance with the Controlled Access Protection Profile under The Common Criteria for Information Security Evaluation, commonly referred to as CAPP/EAL3+, the Nuremberg, Germany, software vendor said.
This certification goes beyond security capabilities established in the EAL2+ certification by including, among other things, an auditing system and more exhaustive testing, according to Roman Drahtmüller, director of security development at SuSE.
Last year, IBM and SuSE achieved the first-ever security certification for Linux, Drahtmüller said. "This certification is a kind of standardization that enterprises and governments want when it comes to security," he said.
The Common Criteria is an internationally recognized ISO (International Standards Organization) standard used by governments and other organizations to assess the security and assurance of technology products. Under the Common Criteria, products are evaluated according to strict standards for various features, such as security functionality and the handling of security vulnerabilities.
Atsec Information Security GmbH evaluated the server software and hardware products of SuSE and IBM, with accreditation coming from the German Federal Office for Information Security.
Later this year, IBM and SuSE plan to pursue the next higher level of security certification, the CAPP/EAL4+.
In addition to Linux, IBM plans to obtain Common Criteria certification of its z/VM virtualization technology this year, SuSE said. This technology helps mainframe computer customers run tens to even hundreds of instances of the Linux operating system on a single IBM server, according to the German vendor.
Novell Inc. acquired SuSE last November.