DOD IT purchases based on Common Criteria certification

The Cray Linux Environment (CLE), a Linux distribution for Cray supercomputers, has been certified under the Common Criteria Evaluation and Validation Scheme.

Specifically, Cray Linux Environment 2.1, running on the Cray XT4 and Cray XT5 computer systems, conforms to the specifications Evaluation Level (EAL) 3+, with the vendor promising to provide ALC_FLR.1–level flaw remediation).

The security testing firm of  Atsec Information Security carried out the evaluation.

Overseen in the United States by the National Information Assurance Partnership (NIAP), Common Criteria is a set of security requirements established by government agencies and private companies and approved by the International Organization for Standardization. To have their products certified, vendors must provide a set of security attributes for each product that an independent laboratory verifies.

The Defense Department uses the Common Criteria certification as a baseline for buying information technology products for secure networks. NIAP is a partnership between the National Institute of Standards and Technology and the National Security Agency.

CLE, formerly known as Unicos /lc is a version of Novell's SuSE Linux (It is not related to earlier Cray versions of Unicos, a separate Unix- based operating system for Cray systems). This is the first Common Criteria-evaluated Linux distribution that includes such high performance computing components as the Lustre network file system, high-speed Remote direct memory access and the Alps application placement scheduler.

“The Linux-based operating system within the CLE suite is designed to run large, complex applications and scale efficiently to more than 240,000 processor cores," said Ian Miller, Cray senior vice president of sales and marketing, in a statement.

“Considering the distributed nature of the operating system, the testing was a challenge which was handled efficiently,” added Stephan Mueller, Atsec lead evaluator for the project.