Oracle is pleased to
announce that the Oracle Solaris 11.1 operating system has achieved a Common
Criteria certification at Evaluation Assurance Level (EAL) 4 augmented by Flaw
Remediation under the Canadian Communications Security Establishment’s (CSEC) Canadian Common Criteria Scheme (CCCS).
EAL4 is the highest level achievable for commercial software, and is the
highest level mutually recognized by 26 countries under the current Common
Criteria Recognition Arrangement (CCRA).
Oracle Solaris 11.1 is
conformant to the BSI Operating System Protection Profile v2.0 with
the following four extended packages. (1) Advanced Management, (2) Extended
Identification and Authentication, (3) Labeled Security, and (4)
Virtualization.
Common Criteria is an
international framework (ISO/IEC 15408) which defines a common approach for
evaluating security features and capabilities of Information Technology
security products.
A certified product is
one that a recognized Certification Body asserts as having been evaluated by a
qualified, accredited, and independent evaluation laboratory competent in the
field of IT security evaluation to the requirements of the Common Criteria and
Common Methodology for Information Technology Security Evaluation.
Oracle Solaris is the
industry’s most widely deployed UNIXtm operating system,
delivers mission critical cloud infrastructure with built-in virtualization,
simplified software lifecycle management, cloud scale data management, and
advanced protection for public, private, and hybrid cloud environments. It
provides a suite of technologies and applications that create an operating
system with optimal performance. Oracle Solaris 11.1 includes key technologies
such as Trusted Extensions, the Oracle Solaris Cryptographic Framework, Zones,
the ZFS File System, Image Packaging System (IPS), and multiple boot
environments.
The Oracle Solaris 11.1
Certification Report and Security Target can be viewed on the Communications Security Establishment Canada (CSEC)
site and on the Common Criteria Portal.
For more information on
Oracle’s participation in the Common Criteria program, please visit the main
Common Criteria information page here:
(http://www.oracle.com/technetwork/topics/security/oracle-common-criteria-095703.html)
For a complete list of
Oracle products with Common Criteria certifications and FIPS 140-2 validations,
please see the Security Evaluations website here:
(http://www.oracle.com/technetwork/topics/security/security-evaluations-099357.html).
