Re: Linux security compliance

From: Steve Bremer (steveb_at_nebcoinc.com)
Date: 11/01/04

  • Next message: Russell, Daniel: "RE: Linux security compliance"
    Date: Mon, 01 Nov 2004 11:38:09 -0600
    To: <focus-linux@securityfocus.com>
    
    

    Vincent,

    >>I am searching for any information that if Linux is compliant to C2
    or
    Command Criteria. However, I could find any good references in the
    web.

    You probably won't find anything related to C2 since it's being phased
    out in favor of common criteria. But to answer your question, Linux
    does not meet C2 by default.

    >>Do you know if there are any good guidelines/documents talking about
    how
    to make Linux a trusted system?

    Suse and Red Hat have both had there systems certified for Common
    Criteria CAPP. I don't recall Red Hat's EAL level, but SLES 8 was
    certified EAL 3+.

    Here is a link to a document describing how to configure SLES 8 to meet
    the CAPP/EAL3+ certification:

    http://www.suse.com/de/security/eal3/SLES8_EAL3_SecurityGuide.pdf

    Hope this helps,

    Steve Bremer
    NEBCO, Inc.
    Systems & Security Administrator


  • Next message: Russell, Daniel: "RE: Linux security compliance"

    Relevant Pages

    • Re: common criteria status?
      ... rather than certification, but being certified under the common ... criteria can only help the project. ... >> under the common criteria. ... it would be better spent on developer time. ...
      (freebsd-questions)
    • Re: Cato was right
      ... what should the motor decertification policy be? ... Motors should be added to the certification list when they pass the required ... So what are the criteria you're focusing on and how do you determine that they ...
      (rec.models.rockets)
    • Re: Date projections
      ... Well if you are searching for records that will expire based on the certification date and the certification date is in the past I think your criteria would be ... Those would be the ones that are due to expire in the next 3 months. ... you could add 1 year to the current certification dates and check with your criteria. ...
      (microsoft.public.access.queries)
    • Re: CE Certification
      ... has to do to get a CE certification of A or B ... none of my Googling turns up the actual criteria. ... Look up Recreational Craft Directive (RCD) on the RYA website. ...
      (uk.rec.sailing)
    • Re: CE Certification
      ... to do to get a CE certification of A or B ... none of my Googling turns up the actual criteria. ... I think this is the law: ...
      (uk.rec.sailing)