Solaris gets another Common Criteria certification
Sun's Solaris 10 operating system with Trusted Extensions has obtained Common Criteria certification for the Labelled Security Protection Profile (LSPP) at Evaluation Assurance Level (EAL) 4+. EAL 4+ is one of the highest commonly recognised assurance levels with very few operating systems exceeding it.
The certification applies to both the x86/64 and SPARC versions of the operating system. The Canadian auditors CGI have also included in the testing process a multi-level secured version of the Gnome GUI and desktop. Often, certified systems have only been tested and certified for command line usage.
Solaris had previously received EAL4+ certification for the Controlled Access Protection Profile (CAPP) and Role Based Access Control Protection Profile (RBACPP) for Solaris Trusted Extensions. The open source OpenSolaris operating system has not been certified, but the Trusted Extensions code has been incorporated into it.
Common Criteria, published as ISO/IEC 15408:2005, is an internationally standardised procedure for evaluating IT security. Protection profiles are used in CC certification to specify security objectives from the user point of view and form the basis of product certification. EAL certification is generally a pre-requisite for being able to deploy a product in security-related areas of government organisations or in the financial and health care sectors.