RHEL 5 going for Common Criteria EAL 4 rating
RHEL 5 going for Common Criteria EAL 4 rating
Posted Sep 27, 2005 22:37 UTC (Tue) by drag (guest, #31333)In reply to: RHEL 5 going for Common Criteria EAL 4 rating by veillard
Parent article: RHEL 5 going for Common Criteria EAL 4 rating
Well I bet you'd be happy to know that Suse has had a EAL4 certification for some time now. :)
see:
http://www.heise.de/english/newsticker/news/56451
Posted Sep 29, 2005 19:57 UTC (Thu)
by kweidner (guest, #6483)
[Link]
FYI, you can get the official lists of evaluated products and products in evaluation directly, no need to dig for old press releases ;)
Mandatory Access Control (MAC) means that the OS enforces restrictions and users can't override them. For example, you can't copy a file marked "secret" to an insecure device even if you own the file. By contrast, users can change the standard filesystem permissions (aka Discretionary Access Control or DAC) and give read or write access to others for files they own.
MAC is potentially interesting even outside government environments since it can protect against malicious software - for example it could ensure that your web browser cannot read your financial data even if an attacker has full control over it due to a security flaw.
This is different, the SUSE evaluation used the CAPP profile (same as the MS Windows evaluation mentioned here), and the new RH evaluation will be adding LSPP and RBAC for mandatory access control and role based security, making it comparable to Trusted Solaris and similar systems.
RHEL 5 going for Common Criteria EAL 4 rating