The CAPP, a certification applying to operating systems and their associated hardware systems, plays a key role in specifying a set of functional and assurance requirements for IT products. This certification positions SGI among an elite group of computer hardware manufacturers with only two other vendors' systems having passed this stringent evaluation.
"The certification of Red Hat Enterprise Linux on SGI servers reaffirms that SGI Altix is a stable, secure platform ideally suited not just for sensitive government computing environments but commercial industry and research computing environments as well", stated Steve Neuner, director of Linux, SGI. "SGI continues to address customers' most challenging data management and analysis problems across a broad range of applications by improving productivity and time to decision for mission-critical environments."
The Common Criteria Security Certification was awarded to SGI by the National Information Assurance Partnership (NIAP), a U.S. Government initiative developed to meet the security testing needs of both IT consumers and producers. The long-term goal of NIAP, which is operated by the National Security Agency (NSA), is to help increase the level of trust consumers have in their information systems and networks through the use of cost-effective security testing, evaluation, and validation programnes. In meeting this goal, NIAP seeks to:
- Promote the development and use of evaluated IT products and systems;
- Champion the development and use of national and international standards for IT security;
- Foster research and development in IT security requirements definition, test methods, tools, techniques, and assurance metrics;
- Support a framework for international recognition and acceptance of IT security testing and evaluation results; and
- Facilitate the development and growth of a commercial security testing industry within the U.S.
The target of evaluation (TOE) for the certification was the Red Hat Enterprise Linux Version 4 Update 4 operating system. The TOE was a general purpose multi-user, multi-tasking Linux based operating system providing a platform for a variety of applications. The evaluation covered a potentially distributed but closed network of SGI Altix servers running the evaluated version of Red Hat Enterprise Linux. Red Hat Enterprise Linux provided the security functionality to meet the CAPP requirements.
SGI industry-standard platforms play a critical role in enabling government agencies, defense customers and industry leaders to collect, process, analyse, archive and exploit complex data, so that critical decisions can be executed with greater speed, confidence, and security. SGI provides integrated infrastructure that ensures data protection, integrity, and security while helping to accelerate decisions by delivering the right information to the right decision makers at the right time. Unlike any other server platform on the market today, memory, compute power, and data I/O are all independently scalable on the SGI Altix system enabling users to scale their system in any dimension to meet their specific computing needs.
The cryptography used in this product was tested using a cipher compliance test approach, which used the methodology proscribed by the NIST Cryptographic Algorithm Validation Scheme. Those security functions included as FIPS Approved functions were tested by the cryptographic test laboratory and validated by NIST's Cryptographic Algorithm Validation Programme.
With this certification, all operating systems SGI offers today have been evaluated - IRIX, Trusted IRIX, and SUSE Linux Enterprise Server 9 from Novell. SGI is pursuing further Common Criteria security evaluations on Altix and Altix XE platforms that include Labeled Security Protection Profile, Version 1.b (multi-level secure access equivalent to SGI's Trusted IRIX OS) and Role Based Access Control Protection Profile Version 1.0.