Sunday Feb 19, 2012

Oracle Solaris 11 in Common Criteria (ISO/IEC 15408) EAL4+ Evaluation

Oracle's Security Evaluations team is please to announce Oracle Solaris 11 is in official In Evaluation status under the Canadian Common Criteria Scheme at Evaluation Assurance Level (EAL) 4 Augmented by Flaw Remediation.  EAL4 is the highest level typically achievable for commercial software, and is the highest level mutually recognized by 26 countries under the Common Criteria Recognition Arrangement (CCRA). Although taking the evaluation above EAL4, Flaw Remediation is also accepted under the CCRA.

The evaluation is being conducted against the Operating System Protection Profile (OS PP) and includes the following four optional extended packages.  (1) Advanced Management (AM), (2) Extended Identification and Authentication (EIA), (3) Labeled Security (LS), and (4) Virtualization (VIRT).  We anticipate that very  shortly we will also be evaluating against the NSA U.S. Government  Protection Profile for General-Purpose Operating Systems in a  Networked Environment at EAL2. The evaluation will also be attempting to achieve a greater degree of hardware platform independence for Solaris than has been the case previously.

Since the Common Criteria evaluation is an independent activity conducted by a third party facility, eventual success is not guaranteed and some aspects are subject to change and out of Oracle's direct control.  Completion timescales in particular are not published, and may be adjusted according to the evaluation findings and remediation requirements.

* Web Links *

- Oracle External Website
http://www.oracle.com/technetwork/topics/security/security-evaluations-099357.html

- Canadian Common Criteria Scheme Website
http://www.cse-cst.gc.ca/its-sti/services/cc/oe-pece-eng.html

- The Common Criteria Recognition Arrangement
http://www.commoncriteriaportal.org/ccra/

- Operating System Protection Profile
http://www.commoncriteriaportal.org/files/ppfiles/pp0067b_pdf.pdf

- U.S. Government Protection Profile for General-Purpose
  Operating Systems in a Networked Environment
http://www.commoncriteriaportal.org/files/ppfiles/pp_gpospp_v1.0.pdf

About

eSTEP LogoeSTEP is an integrated program for our partner, focusing at the technical community to provide them with relevant technical information for their day-to-day business with us

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
5
6
7
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today