Oracle is pleased to announce that Oracle Linux 7 received Common Criteria Certification which was performed against the National Information Assurance Partnership (NIAP) General Purpose Operating System v4.1 and additionally at Evaluation Assurance Level (EAL) 1.
Common Criteria is an international framework (ISO/IEC 15408) which defines a common approach for evaluating security features and capabilities of Information Technology security products. A certified product is one that a recognized Certification Body asserts as having been evaluated by a qualified, accredited, and independent evaluation laboratory competent in the field of IT security evaluation to the requirements of the Common Criteria and Common Methodology for Information Technology Security Evaluation.
Security evaluation is a process by which independent but accredited organizations provide assurance in the security of IT products and systems to commercial, government, and military institutions. Such evaluations, and the criteria upon which they are based, are designed to help establish an acceptable level of confidence for IT purchasers and vendors alike. Furthermore, security evaluation criteria and ratings can be used as concise expressions of IT security requirements.
The completed evaluation for Oracle Linux 7 update 3 was performed by atsec information security AB, in accordance with the requirements of Common Criteria, version 3.1, release 5, and the Common Methodology for IT Security Evaluation, version 3.1, release 5. The evaluation was performed at the evaluation assurance level Evaluation Activities for OSPP (Protection Profile for General Purpose Operating Systems v4.1) and SSH-EP (Extended Package for Secure Shell) as well as at the evaluation assurance level EAL 1, augmented by ALC_FLR.3 Flaw Remediation reporting procedures. The evaluation platform was Oracle Server X7-2 with both the Unbreakable Enterprise Kernel (UEK) and Red Hat Compatible Kernel (RHCK).
Oracle Linux is engineered for open cloud infrastructure. It delivers leading performance, scalability, reliability, and security for enterprise SaaS and PaaS workloads as well as traditional enterprise applications. Oracle Linux Support offers access to award-winning Oracle support resources and Linux support specialists, zero-downtime updates using Ksplice, additional management tools such as Oracle Enterprise Manager and lifetime support, all at a low cost. Unlike many other commercial Linux distributions, Oracle Linux is easy to download and completely free to use, distribute, and update.
For a matrix of Oracle security evaluations currently in progress as well as those completed, please refer to the Oracle Security Evaluations. Visit Oracle Linux Security to learn how Oracle Linux can help keep your systems secure and improve the speed and stability of your operations.