Current Issue

• Table of contents
• Archives
• RSS / XML

Inside

• GCN Lab Reviews
• Interviews
• Tech Reports

Hot Topics

• Authentication/Identity Mgt.
• Communications / Networks
• Content/Record Mgt.
• COOP / Telework
• Data Management
• Defense IT
• Enterprise Architecture
• Geospatial
• Hardware
• Homeland Security
• IPv6
• IT Management
• IT Security
• Mobile & Wireless
• State & Local
• Software Applications
• Storage Management
• Tech/Products Home
• Training and Certification
• Web Strategies
• Workflow / Collaboration

Archives

• Print Edition
• Forums

GCN - Industry Solutions

• Communications for Continuity Operations
• Oracle Resource Center
• NEW! Achieving Data Center Transformation
• Service Oriented Architecture
• Training & Simulation
• Security Directives and Compliance
• Data Center Virtualization
• Air Force ELSG Contract Guide

---

• Product/Services Finder

More >>

GCN Home > Tech Blog

Tech Blog

03/13/06 -- 12:51 PM

By Brad Grimes & Joab Jackson

Security odds n' sods

The IBM z/OS operating system (version 1.7) has been awarded Common Criteria certification at evaluation assurance level (EAL) 4+, trumpeted Atsec Information Security Corp., of Austin, Texas. Atsec, which conducted the evaluation, has called the z/OS the world’s most complex OS. Big Blue itself touts the OS as its flagship mainframe operating system, able to do the work of many individual servers under a single system. The company is currently working up version 1.8 of the system software.

While the folks down in Austin are celebrating the fruits of their hard work, the equally diligent team tasked with getting FIPS 140-2 validation for the OpenSSL open-source security modules are cursing their plight these days. Back in January, the Open Source Software Institute had gotten advance word that OpenSSL received certification from the National Institute of Standards and Technology. That premonition turned out to be premature, though. Shortly after the announcement, the Cryptographic Module Validation Program (a joint program between NIST and the Canadian Communications Security Establishment that validates products) requested additional changes to OpenSSL documentation and source-code packaging. The team has submitted those changes and is awaiting NIST response, reports John Weathersby, executive director of the Open Source Software Institute of Oxford, Miss., one of the sponsors of the work.

The OpenSSL validation, when it finally happens, will be a long time in coming. OSSI first submitted OpenSSL in May 2003 and most submissions speed through in less than a year, according to a Newsforge article earlier this year.

Update (March 23, 2006): NIST has certified OpenSSL, certification number 642.

Posted by Joab Jackson

 | Link to this Page | 

Read more blogs like these