Certification
|
Size: 1901
Comment:
|
Size: 3050
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 4: | Line 4: |
| Canonical is seeking FIPS and CC certification for 16.04 LTS. We are also working to create DISA STIG and CIS Benchmark rulesets, together with auditing and remediation tooling, for 16.04 LTS. | Canonical has achieved FIPS 140-2 Level 1 certification for Ubuntu 16.04 LTS for the modules and hardware platforms listed in the section below. Other hardware platforms may successfully operate with the FIPS packages, but strictly, the FIPS certificates referenced below are limited to the specific hardware platforms described. Questions as to whether the FIPS certifications referenced below will be sufficient for a given customer’s hardware will need to be referred to the customer’s IT security policy. |
| Line 6: | Line 6: |
| Canonical is planning to offer Security Certification and Hardening for Ubuntu via a "paid for" Ubuntu Advantage Premium package. As a result, the FIPS and CC enabled packages will not be available in the publicly available Ubuntu archives. | Canonical is also currently pursuing Common Criteria EAL2 certification for Ubuntu 16.04 LTS. |
| Line 8: | Line 8: |
| For further information, please contact a member of the Canonical Inside Sales team at inside-sales@lists.canonical.com. | For Ubuntu 16.04 LTS, the following security hardening guides are available: * Defense Information System Agency (DISA) Security Technical Implementation Guide (STIG) * Center for Internet Security (CIS) Benchmark Canonical is planning to make its security certifications offerings available only to customers, typically customers of Ubuntu Advantage Server Advanced. For further information, please contact a member of the Canonical Inside Sales team at inside-sales@lists.canonical.com. |
| Line 18: | Line 24: |
| * Hardware platforms * IBM Power System 8001-22C with PAA * IBM Power System 8001-22C without PAA * IBM Power System 8247-22L with PAA * IBM Power System 8247-22L without PAA * IBM Power System 8335-GTB with PAA * IBM Power System 8335-GTB without PAA * IBM z13 with PAI * IBM z13 without PAI (single-user mode) * Supermicro SYS-5018R-WR with PAA * Supermicro SYS-5018R-WR without PAA |
|
| Line 19: | Line 37: |
| Current Status - in progress | * Current Status - In Progress, [[https://www.fmv.se/en/Our-activities/CSEC---The-Swedish-Certification-Body-for-IT-Security/In-evaluation-list/|ongoing certification list]] |
| Line 24: | Line 42: |
| * DISA STIG - Received official notification from DISA that Ubuntu 16.04 STIG has been approved. STIG going through DISA post approval review and will be posted on DISA website when completed. Estimated availability for download, Sept 2017. * [[https://www.cisecurity.org/cis-benchmarks/|CIS Benchmark]] available for 14.04 and 16.04 |
* DISA STIG - Received official notification from DISA that Ubuntu 16.04 LTS STIG has been approved. STIG going through DISA post approval review and will be posted on DISA website when completed. Estimated availability for download, Early October 2017. * [[https://www.cisecurity.org/cis-benchmarks/|CIS Benchmark]] available for 14.04 LTS and 16.04 LTS |
Canonical has achieved FIPS 140-2 Level 1 certification for Ubuntu 16.04 LTS for the modules and hardware platforms listed in the section below. Other hardware platforms may successfully operate with the FIPS packages, but strictly, the FIPS certificates referenced below are limited to the specific hardware platforms described. Questions as to whether the FIPS certifications referenced below will be sufficient for a given customer’s hardware will need to be referred to the customer’s IT security policy.
Canonical is also currently pursuing Common Criteria EAL2 certification for Ubuntu 16.04 LTS.
For Ubuntu 16.04 LTS, the following security hardening guides are available:
- Defense Information System Agency (DISA) Security Technical Implementation Guide (STIG)
- Center for Internet Security (CIS) Benchmark
Canonical is planning to make its security certifications offerings available only to customers, typically customers of Ubuntu Advantage Server Advanced. For further information, please contact a member of the Canonical Inside Sales team at inside-sales@lists.canonical.com.
Security certifications for Ubuntu 16.04
- FIPS 140-2
OpenSSH-Client validated level 1 May 2017 (#2907)
OpenSSH-Server validated level 1 May 2017 (#2906)
OpenSSL validated level 1 April 2017 (2888)
Kernel Crypto API validated level 1 July 2017 (2926)
Strongswan validated level 1 July 2017 (2978)
- Hardware platforms
- IBM Power System 8001-22C with PAA
- IBM Power System 8001-22C without PAA
- IBM Power System 8247-22L with PAA
- IBM Power System 8247-22L without PAA
- IBM Power System 8335-GTB with PAA
- IBM Power System 8335-GTB without PAA
- IBM z13 with PAI
- IBM z13 without PAI (single-user mode)
- Supermicro SYS-5018R-WR with PAA
- Supermicro SYS-5018R-WR without PAA
- Common Criteria (EAL2)
Current Status - In Progress, ongoing certification list
Final location for the FIPS and CC enabled packages - tbd
Official hardening guides
- DISA STIG - Received official notification from DISA that Ubuntu 16.04 LTS STIG has been approved. STIG going through DISA post approval review and will be posted on DISA website when completed. Estimated availability for download, Early October 2017.
CIS Benchmark available for 14.04 LTS and 16.04 LTS
Security/Certification (last edited 2017-12-13 15:38:55 by emilyr)