Common Criteria
Run high security workloads on the certified configuration of Ubuntu
Developing and deploying open source workloads on regulated and high security environments requires rigid certifications. Ubuntu Pro and Ubuntu Advantage provide access to the necessary artifacts to comply with Common Criteria, an international (ISO/IEC 15408) computer security certification for high security environments.
What is Common Criteria?
Common Criteria (CC) for Information Technology Security Evaluation is an international standard (ISO/IEC IS 15408) for computer security certification, used by Governments, U.S. Federal agencies, financial institutions and many other organizations dealing with sensitive data. It ensures that products are evaluated by licensed laboratories to verify their security properties and that a common methodology is applied in certification.
In brief, it is a common methodology to evaluate products' security controls against a set of security claims. The set of security claims is grouped per product and is called a protection profile. There are different protection profiles that apply to different products. The profile Ubuntu derives its security requirements is the Operating System Protection Profile (OSPP).
What gets certified in Ubuntu under Common Criteria?
Ubuntu 18.04 LTS and 16.04 LTS have both been evaluated to assurance level EAL2 through CSEC – The Swedish Certification Body for IT Security. The evaluation testing was performed by atsec Information Security. The following table provides a summary of the releases and platforms that have been certified.
| Ubuntu version | Platform | Certification report | Additional information |
|---|---|---|---|
| Ubuntu 16.04 LTS | x86_64, IBM Power8 and IBM Z | 16.04.4 | Installation instructions |
| Ubuntu 18.04 LTS | x86_64 and IBM Z | 18.04.4 | Installation instructions |