Revision as of 19:11, 13 April 2006 edit Dpv (talk \| contribs) 4,945 edits m Disambiguation link repair - You can help! ← Previous edit		Revision as of 15:17, 18 April 2006 edit undo JonHarder (talk \| contribs) Extended confirmed users, Rollbackers 36,355 edits Sharpen category; copyedits. Next edit →
Line 1: ~~Some~~A '''security-evaluated operating system''' is an [[operating system]]s ~~have~~that has achieved a certification from an external security auditing organization, such as a B2 or A1 [[TCSEC\|CSC-STD-001-83 "Department of Defense Trusted Computer System Evaluation Criteria"]] or [[Common Criteria]] certification. Note that meeting a given set of evaluation criteria does not make a computer operating system "secure". Line 8: Moreover, the field of operating systems which can apply to be evaluated is restricted to those with strong corporate backing, because of the costs that ensue. In general, you will find the most popular vendors listed here, while this does not mean that other solutions, such as [[Open-source software\|OSS]] solutions, couldn't reach, or exceed this level of security under certain circumstances, without even having tried to pass this advocacy evaluation. == [[Trusted Solaris]] == [[Trusted Solaris]] is a security-focused version of the [[Solaris Operating Environment\|Solaris]] [[Unix]] operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, [[pluggable authentication]], mandatory [[access control]], additional physical authentication devices, and fine-grained access control. Versions of Trusted Solaris through version 8 are [[Common Criteria]] certified. See [http://wwws.sun.com/software/security/securitycert/trustedsolaris.html] and [http://wwws.sun.com/software/security/securitycert/images/TSol8_7-03CMS.jpg] Trusted Solaris Version 8 received the [[Evaluation_Assurance_Level\|EAL]]4 certification level augmented by a number of protection profiles. See [http://csrc.nist.gov/cc/Documents/CC%20v2.1%20-%20HTML/PART3/PART36.HTM] for explanation of The Evaluation Assurance Levels. == [[BAE Systems' STOP]] == [[BAE Systems]]' STOP version 6.0.E received an [[Evaluation_Assurance_Level\|EAL]]4+ in April 2004 and the 6.1.E version received an [[Evaluation_Assurance_Level\|EAL]]5+ certification in March 2005. Previous versions of STOP have held a B3 certification under [[TCSEC]]. While STOP 6 is binary compatible with Linux, it is not derived from the [[Linux kernel]]. See [http://www.digitalnet.com/solutions/information_assurance/xts400_trusted_sys.htm] for an overview of the system. == [[Red Hat Enterprise Linux 3]] == [[Red Hat Enterprise Linux 3]] is a version of the [[GNU/Linux]] operating system. It was evaluated at [[Evaluation_Assurance_Level\|EAL]]2 in February 2004. [http://niap.nist.gov/cc-scheme/vpl/vpl_vendor.html] == ~~[[SUSE\|~~Novell Suse Enterprise Linux Server ~~9]]~~ == Novell's [[SUSE\|Novell Suse Enterprise Linux Server 9]] running on an IBM eServer was certified at CAPP/[[Evaluation_Assurance_Level\|EAL]]4+ in February 2005. [http://www.heise.de/english/newsticker/news/56451 News release at heise.de] == [[Microsoft Windows]] == All modern versions of [[Microsoft Windows]] have received EAL 4 Augmented ALC_FLR.3 certification: * [[Windows 2000]] Server, Advanced Server, and Professional, each with Service Pack 3 and Q326886 Hotfix operating on the x86 platform were certified as [http://niap.nist.gov/cc-scheme/st/ST_VID4002-VR.pdf CAPP/EAL 4 Augmented ALC_FLR.3]in October 2002. (This includes standard configurations as Domain Controller, Server in a Domain, Stand-alone Server, Workstation in a Domain, Stand-alone Workstation) Line 34: [[Category:Operating systems]] [[Category:Computer security procedures]]

Security-evaluated operating system: Difference between revisions