Trusted Solaris 8 4/01 OE obtains marketplace first in security certification

Trusted Solaris 8 4/01 OE obtains marketplace first in security certification


May 8, 2002

Sun Microsystems announced that the Trusted Solaris 8 4/01 Operating Environment (Solaris OE) received security certification under the Common Criteria Labeled Security Protection Profile (LSPP) at Evaluation Assurance Level 4 (EAL4). The only operating system to achieve this level of certification, the Trusted Solaris 8 OE (http://sun.com/trustedsolaris) is an integrated platform expanding the capabilities of the Solaris 8 OE for customers who require enhanced security and strong access control in a highly secure environment.

The Trusted Solaris 8 OE is considered the de facto standard for protecting classified and sensitive information in military and government institutions. Providing multiple levels of security to control access and handling of data, the Trusted Solaris 8 OE provides extensive protection for servers and desktop systems that process highly sensitive information. The LSPP EAL4 independent evaluation assures customers that Trusted Solaris 8 OE meets the global standards for evaluating IT security set forth by Common Criteria. The LSPP EAL4 certification is equivalent to the Orange Book B1 standard published by the U.S. government.

"Solaris already sets the standard for operating system security, but users who require multiple levels of security can turn to Trusted Solaris 8 OE, which provides the highest level of security in the marketplace," said Andy Ingram, vice president of marketing, Solaris software. "Our customers face an increasingly hostile environment where internal and external security threats are growing in frequency and sophistication. They need an operating system that can protect trade secrets, customer lists, litigation strategies and other confidential, mission-critical information from security breaches."

Today, companies and government agencies invite customers, citizens, employees, partners and suppliers into their networks as part of day-to-day operations. This type of access allows for increased productivity, but can also leave sensitive data and classified information exposed. As information security breaches continue unabated, the financial toll and liability is mounting for both private and public enterprises. The Solaris 8 OE provides industry-leading security features not commonly found in standard operating systems. To extend these capabilities even further, Sun developed Trusted Solaris 8 OE, which enables organizations to safeguard their most-critical information in a networked environment by processing and managing information at different levels of sensitivity. The Trusted Solaris 8 OE takes security to the next level with mandatory access control, which restricts or grants access to data only after verifying the clearance level of the user and comparing it to the security level of the data.

One organization that demands security clearance for classified information is Veridian, a provider of information-based systems and integrated solutions for the national intelligence community, the Department of Defense, law enforcement and other federal and local government agencies. Using the capabilities of the Trusted Solaris 8 OE, Veridian developed the Trusted Network Environment, a scalable suite of applications, servers, databases, gateways and services that ensure fully audited, controlled access to all information and services across the IT enterprise.

"We've built all of our Trusted Network Environment client and server applications to run on the Trusted Solaris 8 OE," said David Castillo, Veridian's director of TNE product and service development. "The Trusted Solaris 8 OE provides the powerful security features that our government customers require to protect our nation's most valuable information."

The government sector has always required greater security, but now many private sector companies are also demanding a trusted network environment. For instance, a service provider may need to consolidate similar customers on the same server for management and cost efficiencies. The Trusted Solaris 8 OE, with its server virtualization features, enables the service provider to guarantee that customers sharing the same server will be unable to access each other's information. There is a growing worldwide interest in the Trusted Solaris 8 OE from network service providers, financial institutions, healthcare organizations, industrial companies and educational environments.

Additional Information About Trusted Solaris 8 OE Features:

  • Windowing -- Extends the standard Common Desktop Environment (CDE) and provides a secure gateway for the exchange of classified information via a user-friendly GUI. The trusted windowing system prevents unauthorized data or information transfers and also prevents unauthorized users from copying, forwarding or printing sensitive data.
  • Mandatory Access Control with Security Labels -- Manages access to information and processes it at multiple sensitivity levels. For instance, an internal record system at a healthcare organization can be configured using Trusted Solaris 8 OE so the admitting clerk can only view the patient's name, address and insurance data, while the attending physician can view the patient's entire medical history.
  • Role-Based Access Control -- Assigns administrative tasks to any number of defined system roles. These roles are functionally constrained so that administrators have only necessary and sufficient powers to perform administrative work, thus eliminating the risk of a potential superuser/root break in.

Trusted Solaris 8 OE offers new hardware support for all UltraSPARC III systems, including mid-frame Sun Fire servers and Sun Blade desktops.

All 12,000 applications available on the Solaris 8 OE, will run without recompilation or modification on Trusted Solaris 8 OE.

Pricing and Availability

The Trusted Solaris 8 4/01 OE is now available for the SPARC platform, starting at 2,495 for a two-CPU desktop license. For more information, visit http://sun.com/trustedsolaris.

About Common Criteria EAL4 LSPP Security Certification

LSPP EAL4 certification guarantees a moderate to high level of independently assured security in a conventional, commodity trusted operating environment. The LSPP EAL4 evaluation of the Trusted Solaris 8 OE was conducted by Logica, Ltd. -- an independent third-party. The Trusted Solaris 8 OE was certified for three protection profiles: Labeled Security (LSPP), Role-Based Access Control (RBACPP) and Controlled Access (CAPP). Logica's methodical testing searched for vulnerabilities and analyzed support and implementation for strong assurance that the Trusted Solaris 8 OE is based on strong security engineering and development practices. All major functionality of the Trusted Solaris 8 OE was included in the evaluation, such as NFS, NIS+, the Common Desktop Environment and Java-based administrative tools. To learn more about the Common Criteria security standards, visit http://commoncriteria.org.

About the Trusted Solaris Operating Environment

With more than a decade of refinement, the Trusted Solaris 8 OE is the platform of choice when separation of information and individuals is of prime importance. The Trusted Solaris 8 4/01 OE combines new levels of availability and reliability with support for massive scalability, sophisticated manageability and a high level of security.