atsec information security today announced that Oracle® Enterprise Linux Version 4 Update 4 and Update 5 have been certified by the German Common Criteria scheme as conformant to EAL4+ and the Controlled Access Protection Profile (CAPP). The completion of this evaluation adds to atsec’s unparalleled reputation for timely completion of Linux evaluations. Since August 2003, atsec has initiated and completed 15 Linux evaluations at EAL3+ and EAL4+ of six different distributions on a broad range of hardware platforms. atsec’s customers value timely completion of projects in conjunction with their development schedules in order to reach their markets effectively and take the maximum benefit from their evaluation investment.
"Oracle is committed to following standard industry processes whether it’s for our private source or open source offerings," said Mary Ann Davidson, chief security officer, Oracle. "The Common Criteria evaluation for Oracle Enterprise Linux underscores our dedication to building security into all of our products and to helping organizations better protect their information."
atsec has extensive experience with Common Criteria, and applying the methodology to Open Source Software shows that Common Criteria can be flexible and adapts to a variety of complex software paradigms.
Gerald Krummeck, Common Criteria Lab Director for atsec Germany, notes: “After an assessment of the changes introduced with Update 5 compared to Update 4, atsec was able to include Update 5 into the evaluation on short notice. At atsec, we are proud of our status as the world leader in Linux evaluations, and maintaining that status requires us not only to pay attention to ongoing evaluations, but also to be flexible and creative in providing the best solutions for our customers.”
atsec is one of only four companies worldwide with multiple evaluation labs accredited to perform evaluations under more than one national scheme. atsec labs have been accredited by NIAP CCEVS in the U.S., BSI in Germany and CSEC in Sweden to perform evaluations using the Common Criteria standard. Eligibility to perform evaluations under three major schemes and the availability of a large staff of qualified evaluators enable atsec to offer its customers both maximum flexibility, and proven expertise and experience in Common Criteria evaluations. For more information about atsec’s qualifications and competence, see our website. For independent confirmation of atsec’s competence and reputation, visit the NIAP, BSI or CSEC websites.
About atsec information security
atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, the U.K., and China. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.