Common Criteria certification?

[Shawn Geddis]

On Aug 25, 2006, at 9:56 AM, 473219 at googlemail.com wrote:\
> Hello,
>
> Have any official evaluations been done (or planned) to test BSD  
> operating
> systems for Common Criteria[1,2] certification ?
>
> BSD could be a good match for my project, but the project must use  
> an OS
> with CC EAL certification.  Sponsoring a full CC EAL evaluation  
> would be too
> expensive, but might be possible if there was previous work to  
> start from.
> (Perhaps there is a "chicken-and-egg" problem!)
>
> Thanks!
>
> [1] http://www.commoncriteriaportal.org/
> [2] http://niap.bahialab.com/cc-scheme/index.cfm


Considering that you are asking about BSD Operating Systems, Mac OS X  
is a BSD based system and Mac OS X 10.3.6 & Mac OS X Server 10.3.6  
were both certified under Common Criteria against CAPP at EAL3, I  
would suggest that as your first option.  ALL of the source code and  
services that had to be evaluated are part of the open source  
components of OS X available as part of "Darwin".

All Darwin source code is available at:
	http://www.opensource.apple.com/darwinsource/

Common Criteria Tools
	http://www.apple.com/support/downloads/commoncriteriatools.html


Additional Resources
	Common Criteria Test Case Download
		http://download.info.apple.com/Mac_OS_X/061-1665.20050216.CCCTsCs/ 
CCTestCases.dmg

See the following resources for further information:

	Common Criteria Evaluation and Validation Scheme
		http://niap.nist.gov/cc-scheme/st/ST_VID4012.html
	NIAP Report
		http://www.apple.com/support/security/commoncriteria/CC_NIAP.pdf
	Common Criteria Support
		http://www.apple.com/support/security/commoncriteria
	White Paper
		http://images.apple.com/support/security/commoncriteria/ 
CC_Whitepaper.pdf
	Admin Guide
		http://images.apple.com/support/security/commoncriteria/ 
CC_AdminGuide.pdf


- Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division    (Public & Private Sector)