This is a discussion on references for hardened linux validation within the Linux Security forums, part of the System Security and Security Related category.

I understand that SuSE linux qualified for use by secure (not classified)
US contractors, but am looking for details and citable references.

I found SuSE's German certification is available at
http://www.suse.com/de/security/cert...ion/index.html
With some uncertainty, I understand the above is applicable throughout the EU.

I suspect FIPS-140 is the US equivalent.
Is this correct?
What are the relevant federal documents?
How is compliance validated?

Any help appreciated,
--
Dr. Robert J. Meier
Server Vantage Agent Infrastructure

"Dr. Robert Meier" <worsel@c112927lin.svinfra.compuware.com> wrote in message news:<slrnchf2md.61r.worsel@c112927lin.svinfra.compuware.com>...
> I understand that SuSE linux qualified for use by secure (not classified)
> US contractors, but am looking for details and citable references.
>
> I found SuSE's German certification is available at
> http://www.suse.com/de/security/cert...ion/index.html
> With some uncertainty, I understand the above is applicable throughout the EU.
>
> I suspect FIPS-140 is the US equivalent.
> Is this correct?
> What are the relevant federal documents?
> How is compliance validated?
>
> Any help appreciated,

Since no one has posted a reply, here goes, fwiw ...

FIPS 140-1 and 140-2 : "Security Requirements for Cryptographic Modules"

The above certification is intended to cover a number of issues (using the CAPP profile, I believe) -- it's not really as stringent as the hype would indicate.

You may want to check these sites:
http://csrc.nist.gov/
http://niap.nist.gov/cc-scheme/

The latter is the US body equivalent to the one mentioned in your post.

These days, I believe that merely passing a number of required FIPS tests is an insufficient basis for evaluating something as complex and multi-faceted as "security".

hth,
prg
email above disabled