Security-evaluated operating system

This is an old revision of this page, as edited by The Anome at 16:34, 28 May 2004 (Often these scenarios are extremely limited compared to the normal environments in which computer operating systems are usually used.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Some operating systems have achieved certification from an external security auditing organization, such as a B2 or A1 rating under CSC-STD-001-83, the "Department of Defense Trusted Computer System Evaluation Criteria", or a Common Criteria certification.

Note that meeting a given set of evaluation criteria does not make a computer operating system "secure". Certificates are not endorsements of the "goodness" of an IT product by any organization that recognizes or gives effect to the certificate. A certificate represents the successful completion of a validation that the product met the CC requirements for which it was evaluated/tested.

Note that certifications are given for a particular configuration of the system running on a certain set of hardware; the certificate is only valid for this specific configuration, and does not extend to the same software if any aspect of the installation is altered in any way. Often these scenarios are extremely limited compared to the normal environments in which computer operating systems are usually used.

Trusted Solaris is a security-focused version of the Solaris Unix operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable authentication, mandatory access control, additional physical authentication devices, and fine-grained access control. Versions of Trusted Solaris through version 8 are Common Criteria certified; see [1] and [2]. Trusted Solaris Version 8 received the EAL4 certification level augmented by a number of protection profiles. See [3] for an explanation of the Evaluation Assurance Levels.

Red Hat Enterprise Linux 3 is a version of the GNU/Linux operating system. It was evaluated at EAL2 in February 2004. [4]

One configuration of Microsoft's Windows 2000 operating system with Service Pack 3 has been certified at CAPP/EAL4. One critic has translated the CAPP proviso on this as "Don't hook this to the internet, don't run email, don't install software unless you can 100% trust the developer, and if anybody who works for you turns out to be out to get you you are toast". [5]


See also: