Canonical’s Current Security Certifications

Canonical

Canonical

on 26 September 2018

Canonical has entered the security certifications space by achieving a few important security certifications for the first time on Ubuntu.

Canonical has achieved FIPS 140-2 Level 1 certification for several cryptographic modules on Ubuntu 16.04. Canonical has also achieved Common Criteria EAL2 certification for Ubuntu 16.04. In addition, Defense Information System Agency (DISA) has published Ubuntu 16.04 Security Technical Implementation Guide (STIG) allowing Ubuntu for use by Federal agencies. Center for Internet Security (CIS) has also been publishing benchmarks for Ubuntu which hardens the configuration of Ubuntu systems to make them more secure.

Canonical has made its security certification offerings available to all Ubuntu Advantage “Server Advanced” customers.

FIPS 140-2

FIPS 140-2 is a US government computer security standard. It defines security requirements related to the design and implementation of a cryptographic module. It is a requirement for U.S Federal agencies to use FIPS 140-2 validated cryptography to protect sensitive information. The standard puts stringent requirements on testing and ensuring that the cryptographic implementations meet the standards and work as expected. The testing and validation must be performed by a laboratory, which is accredited under the Cryptographic and Security Testing (CST) Laboratory Accreditation Program (LAP) and is part of NIST’s National Voluntary Laboratory Accreditation Program (NVLAP). The validation testing for Ubuntu 16.04 was performed by atsec Information Security, a U.S. Govt and BSI accredited laboratory.

Anyone deploying systems for U.S. Federal government use including the cloud services are required to use FIPS 140-2 compliant systems. FIPS 140-2 is also used commonly outside of US Federal space. It has been adopted in regulated industries like finance, healthcare, legal and manufacturing and few others where there are Federal regulations on data security.

Canonical has validated the following cryptographic modules for Ubuntu 16.04:

OpenSSH-Client validated level 1 May 2017 (#2907)
OpenSSH-Server validated level 1 May 2017 (#2906)
OpenSSL validated level 1 April 2017 (#2888)
Kernel Crypto API validated level 1 July 2017 (#2962)
Strongswan validated level 1 July 2017 (#2978)

The modules are certified on amd64, IBM power8 and IBM s390 hardware platforms.

Common Criteria

Common Criteria (CC) for Information Technology Security Evaluation is an international standard ISO/IEC IS 15408 for Computer security certification. It validates that a product satisfies a defined set of security requirements. Ubuntu 16.04 has been evaluated to assurance level EAL2 through CSEC – The Swedish Certification Body for IT Security. The consulting and evaluation was performed by atsec Information Security. The certification report is available on the CSEC website for more information.

Common Criteria is an internationally recognized set of standards used by Federal agencies, financial institutions and many other organizations dealing with sensitive data. The evaluation was performed on amd64, IBM power8 and IBM s390 hardware platforms.

STIG

Security Technical Implementation Guides (STIG) are developed by Defense Information System Agency (DISA) for the US Department of Defense (DoD). They are configuration guidelines for hardening systems to improve security. They contain technical guidance which when implemented, locks down software and systems to mitigate malicious attacks.

DISA has in conjunction with Canonical developed a STIG for Ubuntu 16.04, and published it on their website here.

CIS Benchmark

Center for Internet Security (CIS) is a non-profit organization that uses a consensus process to release benchmarks to safeguard organizations against cyber attacks. The benchmark contains configuration checklists to harden a system making it less vulnerable to malicious attacks. The consensus review process consists of subject matter experts who provide perspective on different backgrounds like audit and compliance, security research, consulting and software development. Each benchmark undergoes two phases of consensus review. In the first phase, a benchmark is drafted with the help of subject matter experts and a initial version of the benchmark is published. In the second phase, feedback from the wider internet community is reviewed and incorporated into the benchmark. Canonical has actively participated in the drafting of Ubuntu 16.04 and Ubuntu 18.04 benchmarks. CIS has also published benchmarks for Ubuntu 12.04 and 14.04 releases. The Ubuntu benchmarks can be downloaded from their website.

 

This article was written by Vineetha Kamath. The original article can be found here. 

Ubuntu desktop

Learn how the Ubuntu desktop operating system powers millions of PCs and laptops around the world.

Newsletter signup

Select topics you’re interested in

In submitting this form, I confirm that I have read and agree to Canonical’s Privacy Notice and Privacy Policy.

Related posts

Firefox ESR 60 availability on Ubuntu

Mozilla Release Engineering created a special customised packaging of the Ubuntu version of Firefox intended for our enterprise partners of Canonical. This is particularly useful if partners decide they need to apply policies to Firefox…

Plex arrives in Canonical’s Snap Store

The leading streaming media platform is now available to a wider Linux community Visit the Snap Store to see more information on Plex as a Snap and install it on your machine. London, UK: 11th October 2018 – Canonical, the company behind…

Ubuntu Server development summary – 2 Oct 2018

The purpose of this communication is to provide a status update and highlights for any interesting subjects from the Ubuntu Server Team. If you would like to reach the server team, you can find us at the #ubuntu-server channel on Freenode.…