Tuesday Sep 20, 2005

Sun announces Solaris 10 3/05 Entering Common Criteria Evaluation

Good news, good news! Hot off the presses!


 Sun Microsystems, Inc. is pleased to announce that the Solaris 10 3/05 
 Operating System has entered into evaluation for Common Criteria evaluation.
 This announcement demonstrates Sun's commitment and leadership in the field
 of independent security certification of operating systems and acts as a 
 catalyst for many world wide government customers wanting to develop and 
 deploy on Solaris 10.

 Common Criteria evaluation represents and agreed upon standard for independent
 certification of various security claims for IT products. The Protection 
 Profiles and Evaluation Assurance Levels are mutually understood, agreed upon
 and accepted by over 22 different countries around the world as being required
 for deploying technology into sensitive scenarios. An example of a recognition
 body includes the National Information Assurance Program Common Criteria 
 Evaluation and Validation Scheme (NIAP CCEVS) in the United States and the 
 Canadian Common Criteria Evaluation and Certification Scheme (CCS) in Canada.

 Stepping above what is normal for the competition, Solaris 10 will be evaluated
 against the Controlled Access Protection Profile (CAPP) and Role Based Access
 Control Protection Profile (RBACPP) at Evaluation Assurance Level 4+ (EAL 4+).

 The Common Criteria testing is being conducted by CGI Information Systems and
 Management Consultants, Inc. in Ottawa, Ontario, Canada, who also conducted 
 the testing of the Solaris 9 Operating System. Actual time to complete the 
 evaluation is under investigation.

 The Communications Security Establishment (CSE) is the Canadian recognition 
 body that will be accepting the evaluation. Formal notice of the evaluation 
 status of Solaris 10 will be posted on CSE's Web site shortly and is available
 at :http://www.cse.dnd.ca/en/services/common_criteria/ongoing_evals.html

Technorati Tag:

Monday Oct 04, 2004

Common Criteria User's Forum

The Common Criteria User's Forum will be held this week in Washington, DC. Specifically, the event will begin on Wednesday, October 6th and conculde on Thursday, October 7th. The cost of this event is $100 for non-government employees. For U.S. government employees, the fee is waived.

(From the web site), the goals of the forum are to:

  • Recommend practical means to improve the Common Criteria processes and standards to make them a truly viable mechanism toward improving COTS product security for not only the Government, but for all customers.
  • Present the opportunity for all parties to express their perspectives on the issues raised and to identify realistic means to resolve them.
  • Provide an open forum to discuss and resolve the apparent differences between the views of commercial entities and NIAP.
  • Develop a specific plan of action for the recommendations from the NIAP Review and the Task Force Report as well as any additional recommendations developed by the attendees.
  • Begin to share Common Criteria experiences as a means of educating all stakeholders.

It looks like it will be both a fun and constructive event. I would encourage anyone interested in the future of the Common Criteria to stop by if you can. I will be moderating a session on day 2 entitled "Common Criteria Requirements for Commercial Users". This session will focus on what is needed to make the Common Critiera more relevant and appropriate for use in the private sector. It should be quite a discussion! If you are able to drop in, please say hello!

I will hopefully be getting back to my list of lesser known and/or publicized security enhancements to the Solaris 10 OS in the next day or so. Until then, thanks for reading and take care!

About

gbrunett

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today