认证 SUSE获得通用评估准则EAL4+级安全认证
发布时间: 2013-03-26 10:59 点击:
认证 SUSE获得通用评估准则EAL4+级安全认证
SUSE certification to obtain common criteria EAL4+ safety certification
近日,SUSE宣布SUSE Linux Enterprise Server 11 SP2,包括KVM虚拟化和 SUSE Linux Enterprise Server for System z 11 SP2.,已获得通用评估准则级别EAL4认证,并扩大到ALC_FLR.3 (EAL4+)。atsec信息安全评估机构对SUSE的产品及产品开发和维护的流程方法进行了严格的安全评估。德国联邦IT安全办公室(BSI)在汉诺威国际信息及通信技术博览会(CeBIT)上向SUSE颁发了此次证书。
Recently, SUSE announced that SUSE Linux Enterprise Server 11 SP2, including KVM virtualization and SUSE Linux Enterprise Server for System Z 11 SP2., has been the general evaluation criteria for level EAL4 certification, and expand to ALC_FLR.3 (EAL4+). Atsec information security evaluation mechanism of SUSE products and product development and maintenance process method for rigorous safety assessment. The German Federal IT Security Office (BSI) in the Hannover international information and Communication Technology Expo (CeBIT) to the SUSE issued the certificate.
签署了通用评估准则认可协议的26个国家都认可该证书。SUSE Linux Enterprise Server符合国际广泛达成一致的、广泛采用的信息安全评估标准,且价格合理,它可帮助那些需要可靠的信息安全保证的商业和政府机构来处理敏感信息。
26 countries signed the common criteria recognition agreements have recognized the certificate. SUSE Linux Enterprise Server meets international widely adopted widely agreed, information security evaluation criteria, and the price is reasonable, it can help those who need reliable information security assurance business and government agencies to handle sensitive information.
“安全对于我们的企业客户来说至关重要。Linux包含了许多高级安全功能,如Mandatory Access Control,这些功能现在也被用于KVM虚拟化环境,”IBM Worldwide Linux与Open Virtualization总监Jean Staten Healy表示:“获得通用评估准则认证可向我们的客户保证,SUSE Linux Enterprise Server配置了出色的安全功能,可帮助他们在不同的环境中进行安全计算,无论是政府机构、金融机构,或是在云计算环境中。”
"Safety is very important for our corporate clients. The Linux contains many advanced security features, such as Mandatory Access Control, these functions are now being used in the KVM virtual environment, "IBM Worldwide Linux and Open Virtualization director Jean Staten Healy said:" get common criteria certification to ensure our customers, SUSE Linux Enterprise Server configuration of the safety function good, can help they were secure computing in different environments, both government agencies, financial institutions, or in the cloud computing environment."
“ SUSE Linux Enterprise Server 11 SP2的OSPP-VIRT扩展软件包有一些额外要求,包括KVM虚拟化,它可解决在单个安全系统上安全执行多个、分隔的程序模块的问题,并且这意味着我们向虚拟化又前进了重要的一步,” atsec信息安全评估机构评价到:“这些证书证明了SUSE始终致力于采取一种合理而完善的长期IT安全战略。我们很荣幸SUSE选择了atsec信息安全评估机构来为其进行通用评估准则评估。我们也很欣赏SUSE和BSI为此项目的圆满完成所付出的努力。”
"SUSE Linux Enterprise Server 11 SP2 OSPP-VIRT expansion pack some additional requirements, including the KVM virtualization, it can solve the safe execution of multiple, separate program modules in a single security system problems, and that means we to virtualization is an important step forward," atsec information security evaluation mechanism evaluation: "the certificate to prove that SUSE has always been committed to adopt a reasonable and perfect long-term IT security strategy. We are honored to have SUSE choice atsec information security evaluation institutions to serve the common criteria evaluation. We also appreciate SUSE and BSI for this project the successful effort to complete."
atsec信息安全评估机构对SUSE Linux Enterprise Server进行了通用评估准则评估,包括KVM虚拟化,以及基于英特尔64位Xeon、AMD 64位Opteron、IBM System z (z10)基础架构的SUSE Linux Enterprise Server for System z 11 SP2。使用的评估方法为通用评估准则3.1版。安全对象使用了完全符合标准的Operating System Protection Profile version 2.0,评估保证等级为4 (EAL4+),其中“+”表示为安全对象增加了缺陷修复(ALC_FLR.3)增强功能。“缺陷修复”是指SUSE用于修复安全漏洞的流程方法。
Atsec information security assessment agencies for the common criteria evaluation of SUSE Linux Enterprise Server, including the KVM virtualization, and based on the Intel 64 Xeon, AMD 64 Opteron, IBM System Z (Z10) SUSE Linux Enterprise Server architecture based on for System Z 11 SP2. The assessment methods used for common criteria version 3.1. Security object used to fully comply with the standard of Operating System Protection Profile version 2, evaluation assurance level of 4 (EAL4+), which is expressed as "+" security object increased defect repair (ALC_FLR.3) enhancements. "Defects" refers to the SUSE for flow method to repair the security vulnerability.
通用评估准则简介
General evaluation criteria
IT安全评估通用准则是一个国际标准(ISO/IEC 15408),目前适用的版本为V3.1R3。
IT security evaluation common criteria is an international standard (ISO/IEC 15408), the appropriate version of V3.1R3.
认证 SUSE获得通用评估准则EAL4+级安全认证
SUSE certification to obtain common criteria EAL4+ safety certification