# Security-evaluated operating system

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Security-evaluated_operating_system
> Markdown URL: https://mediated.wiki/source/Security-evaluated_operating_system.md
> Source: https://en.wikipedia.org/wiki/Security-evaluated_operating_system
> Source revision: 1356341524
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

{{Short description|Operating system that achieved security certification}}

In [computing](/source/computing), '''security-evaluated operating systems''' have achieved certification from an external security-auditing organization, the most popular evaluations are  [Common Criteria](/source/Common_Criteria) (CC) and [FIPS 140-2](/source/FIPS_140-2).

==Oracle Solaris==
[Trusted Solaris](/source/Trusted_Solaris) 8 was a security-focused version of the [Solaris](/source/Solaris_(operating_system)) [Unix](/source/Unix) operating system.  Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, [pluggable authentication](/source/pluggable_authentication), mandatory [access control](/source/access_control), additional physical authentication devices, and fine-grained access control(FGAC).  Versions of Trusted Solaris through version 8 are [Common Criteria](/source/Common_Criteria) certified.<ref>{{Cite web |last=Fischer |first=PJ |date=30 March 2004 |title=CESG INFORMATION ASSURANCE AND CERTIFICATION SERVICES |url=http://www.sun.com/software/security/securitycert/images/TSol8_7-03CMS.jpg |url-status=usurped |archive-url=https://web.archive.org/web/20070312070621/http://www.sun.com/software/security/securitycert/images/TSol8_7-03CMS.jpg |archive-date=12 March 2007}}</ref><ref>{{Cite web |date=2004-10-13 |title=Sun Common Criteria Certification |url=http://wwws.sun.com/software/security/securitycert/trustedsolaris.html |archive-url=https://web.archive.org/web/20041013000439/http://wwws.sun.com/software/security/securitycert/trustedsolaris.html |archive-date=13 October 2004 |access-date=2023-02-17 |website=Sun Microsystems}}</ref>

Trusted Solaris Version 8 received the [EAL](/source/Evaluation_Assurance_Level) 4 certification level augmented by a number of protection profiles. {{r|g=nb|r=See [https://web.archive.org/web/20040621163731/http://csrc.nist.gov/cc/Documents/CC%20v2.1%20-%20HTML/PART3/PART36.HTM  6 Evaluation assurance levels] for explanation of The Evaluation Assurance Levels.}}

==BAE Systems' STOP==
[BAE Systems](/source/BAE_Systems)' [STOP](/source/XTS-400) version 6.0.E received an [EAL](/source/Evaluation_Assurance_Level)4+ in April 2004 and the 6.1.E version received an [EAL](/source/Evaluation_Assurance_Level)5+ certification in March 2005.  STOP version 6.4 U4 received an EAL5+ certification in July 2008.  Versions of STOP prior to STOP 6 have held B3 certifications under [TCSEC](/source/TCSEC). While STOP 6 is binary compatible with Linux, it does not derive from the [Linux kernel](/source/Linux_kernel).  See for an overview of the system.<ref>{{Cite web |title=XTS-400™ - BAE Systems |url=https://www.baesystems.com/ProductsServices/bae_prod_csit_xts400.html |access-date=2024-03-01 |website=www.baesystems.com |archive-date=2012-02-21 |archive-url=https://web.archive.org/web/20120221222220/https://www.baesystems.com/ProductsServices/bae_prod_csit_xts400.html |url-status=bot: unknown }}</ref>

==Red Hat Enterprise Linux==
[Red Hat Enterprise Linux](/source/Red_Hat_Enterprise_Linux) Version 7.1 achieved [EAL](/source/Evaluation_Assurance_Level)4+ in October 2016.<ref>{{Cite web|title=Red Hat Achieves Common Criteria Security Certification for Red Hat Enterprise Linux 7|url=https://www.redhat.com/en/about/press-releases/red-hat-achieves-common-criteria-security-certification-red-hat-enterprise-linux-7|access-date=2023-02-17|website=www.redhat.com|date=26 October 2016 |language=en}}</ref>

[Red Hat Enterprise Linux](/source/Red_Hat_Enterprise_Linux) Version 6.2 on 32 bit x86 Architecture achieved [EAL](/source/Evaluation_Assurance_Level)4+ in December 2014.<ref>{{Cite report |url=https://www.commoncriteriaportal.org/files/epfiles/0924a_pdf.pdf |title=Certification Report BSI-DSZ-CC-0924-2014 for Red Hat Enterprise Linux on 32 bit x86 Architecture, Version 6.2 from Red Hat, Inc. |last=Weber |first=Joachim |date=28 May 2010 }}</ref>
[Red Hat Enterprise Linux](/source/Red_Hat_Enterprise_Linux) Version 6.2 with KVM Virtualization for x86 Architectures achieved [EAL](/source/Evaluation_Assurance_Level)4+ in October 2012.<ref>{{Cite report |url=https://www.commoncriteriaportal.org/files/epfiles/0754a_pdf.pdf |title=Cerfification Report BSI-DSZ-CC-0754-2012 for Red Hat Enterprise Linux, Version 6.2 with KVM Virtualization for x86 Architectures from Red Hat, Inc. |last=Kowalski |first=Bernd |date=23 October 2012 |publisher=Federal Office for Information Security}}</ref>

[Red Hat Enterprise Linux](/source/Red_Hat_Enterprise_Linux) 5 achieved [EAL](/source/Evaluation_Assurance_Level)4+ in June 2007.<ref>{{cite web |url=http://www.niap-ccevs.org/cc-scheme/st/?vid=10165 |url-status=dead |archive-url=https://web.archive.org/web/20071214060630/http://www.niap-ccevs.org/cc%2Dscheme/st/?vid=10165 |archive-date=2007-12-14 |title=CCEVS: Validated Product - Red Hat Enterprise Linux Version 5}}</ref><ref>{{cite web |url=http://www.niap-ccevs.org/cc-scheme/st/index.cfm/vid/10125 |title = NIAP}}</ref>

==Novell SUSE Linux Enterprise Server==
Novell's [SUSE Linux Enterprise Server](/source/SUSE_Linux_Enterprise_Server) 15 is certified for IBM Z, Arm and x86-64 at CAPP/[EAL](/source/Evaluation_Assurance_Level)4+ in August 2021. See.<ref>{{Cite web |title=SUSE Linux Enterprise Earns Common Criteria EAL 4+,... |url=https://www.suse.com/news/SUSE-Linux-Enterprise-Earns-Common-Criteria-Certification/ |access-date=2024-03-01 |website=www.suse.com |language=en}}</ref>

Novell's [SUSE Linux Enterprise Server](/source/SUSE_Linux_Enterprise_Server) 9 running on an IBM eServer was certified at CAPP/[EAL](/source/Evaluation_Assurance_Level)4+ in February 2005. See [https://web.archive.org/web/20050221071252/http://www.heise.de/english/newsticker/news/56451 News release at heise.de].

==Microsoft Windows==
The following versions of [Microsoft Windows](/source/Microsoft_Windows) have received EAL 4 Augmented ALC_FLR.3 certification:

* [Windows 2008](/source/Windows_2008) Server (64-bit), Enterprise (64-bit) and Datacenter, as well as [Windows Vista](/source/Windows_Vista) Enterprise (both 32-bit and 64-bit) attained EAL 4 Augmented (colloquially referred to as EAL 4+) ALC_FLR.3 status in [http://www.commoncriteriaportal.org/files/epfiles/st_vid10291-st.pdf 2009].
* [Windows 2000](/source/Windows_2000) Server, Advanced Server, and Professional, each with Service Pack 3 and Q326886 Hotfix operating on the x86 platform were certified as [https://web.archive.org/web/20041211111405/http://niap.nist.gov/cc-scheme/st/ST_VID4002-VR.pdf CAPP/EAL 4 Augmented ALC_FLR.3] in October 2002. (This includes standard configurations as Domain Controller, Server in a Domain, Stand-alone Server, Workstation in a Domain, Stand-alone Workstation)
* [Windows XP](/source/Windows_XP) Professional and Embedded editions, with Service Pack 2, and [Windows Server 2003](/source/Windows_Server_2003) Standard and Enterprise editions (32-bit and 64-bit), with Service Pack 1, were all [http://www.microsoft.com/presspass/press/2005/dec05/12-14CommonCriteriaPR.mspx certified] in December 2005.

==Mac OS X==

Apple's [Mac OS X](/source/Mac_OS_X) and Mac OS X Server running 10.3.6 both with the Common Criteria Tools Package installed were certified at CAPP/[EAL](/source/Evaluation_Assurance_Level)3 in January 2005. [https://web.archive.org/web/20060715032340/http://niap.nist.gov/cc-scheme/vpl/vpl_type.html#operatingsystem]

Apple's Mac OS X & Mac OS X Server running the latest version 10.4.6 have not yet been fully evaluated however the Common Criteria Tools package is available.<ref>{{cite web |url=https://www.apple.com/support/downloads/commoncriteriatoolsfor104.html |title=Apple - Support - Downloads - Common Criteria Tools for 10.4 |website=www.apple.com |url-status=dead |archive-url=https://web.archive.org/web/20050503222757/http://www.apple.com/support/downloads/commoncriteriatoolsfor104.html |archive-date=2005-05-03}}</ref>

==iOS or iPadOS==
The iPhone and iPad are authorized to be used for NATO Restricted clearance systems. Does not require additional software to be installed, they operate securely when orchestrated by a device management service.<ref>{{cite web |title=iPhone and iPad approved to handle classified NATO information |url=https://www.apple.com/newsroom/2026/02/iphone-and-ipad-approved-to-handle-classified-nato-information/ |website=Apple |access-date=27 May 2026}}</ref><ref>{{cite web |title=iOS and iPadOS 26 with Indigo configuration |url=https://www.ia.nato.int/niapc/Product/Indigo-26_968 |website=NATO |access-date=27 May 2026}}</ref>

== GEMSOS ==
Some{{which|date=April 2025}} versions of Gemini [Multiprocessing](/source/Multiprocessing) Secure Operating System were qualified as a [TCSEC](/source/Trusted_Computer_System_Evaluation_Criteria) A1 system. GEMSOS runs on [x86](/source/IA-32) processor type [COTS](/source/Commercial_off-the-shelf) hardware.

== OpenVMS and SEVMS ==
The SEVMS <ref>{{cite web|url= http://h71000.www7.hp.com/openvms/products/sevms/|title=Security Enhanced VMS (SEVMS) |archive-url= https://web.archive.org/web/20151119105617/http://h71000.www7.hp.com/openvms/products/sevms/|archive-date=2015-11-19|website=Hewlett Packard}}</ref> enhancement to [VMS](/source/OpenVMS) was a CC B1/B3<ref>{{Cite web |url=http://www.decus.de/slides/sy2000/Vortraege_2803/1M01.PDF |title=OpenVMS security presentation |access-date=2006-06-16 |archive-date=2007-10-24 |archive-url=https://web.archive.org/web/20071024112653/http://www.decus.de/slides/sy2000/Vortraege_2803/1M01.PDF |url-status=dead }}</ref> system formerly of [Digital Equipment Corporation](/source/Digital_Equipment_Corporation) (DEC). A standard OpenVMS installation is rated as CC C2.<ref>National Computer Security Center (NCSC) Trusted Product Evaluation List (TPEL)</ref>

== Green Hills INTEGRITY-178B ==

[Green Hills Software](/source/Green_Hills_Software)'s INTEGRITY-178B real-time operating system was certified at Common Criteria [EAL](/source/Evaluated_Assurance_Level)6+ in September 2008, [http://www.niap-ccevs.org/st/vid10119/] running on an embedded PowerPC processor on a Compact PCI card.

== Unisys MCP ==

The [Unisys MCP](/source/Burroughs_MCP) operating system includes an implementation of the DoD [Orange Book](/source/Trusted_Computer_System_Evaluation_Criteria) [C2 specification](/source/Trusted_Computer_System_Evaluation_Criteria), the controlled access protection sub-level of discretionary protection.<ref name="orangebook" /> MCP/AS obtained the C2 rating in August, 1987.<ref>{{cite book|publisher= National Computer Security Center|date=September 27, 1989|title= Final Evaluation Report of Unisys Corporation A Series MCP/AS Release 3.7 (CSC-EPL-87/003, Library No. S228,515)|location=Fort George G. Meade, MD|url= http://apps.dtic.mil/dtic/tr/fulltext/u2/a208007.pdf|archive-url= https://web.archive.org/web/20160304060308/http://www.dtic.mil/dtic/tr/fulltext/u2/a208007.pdf|url-status= live|archive-date= March 4, 2016}}</ref>

== Unisys OS 2200 ==

The [Unisys OS 2200](/source/OS_2200) operating system includes an implementation of the DoD [Orange Book](/source/Trusted_Computer_System_Evaluation_Criteria) [B1, Labeled security protection](/source/Trusted_Computer_System_Evaluation_Criteria) level specification.<ref name="orangebook">{{cite book|publisher=National Security Institute|year=1985|title=Department of Defense Trusted Computer System Evaluation Criteria (NSI 5200.28-STD)|url=http://nsi.org/Library/Compsec/orangebo.txt|access-date=2015-06-03|archive-date=2009-06-25|archive-url=https://web.archive.org/web/20090625195703/http://nsi.org/Library/Compsec/orangebo.txt|url-status=dead}}</ref>  OS 2200 first obtained a successful B1 evaluation in September, 1989.<ref>{{cite book|publisher= National Computer Security Center|date=September 27, 1989|title= Final Evaluation Report of Unisys Corporation OS 1100 (CSC-EPL-89/004, Library No. S33,122)|location=Fort George G. Meade, MD|url= http://apps.dtic.mil/dtic/tr/fulltext/u2/a234058.pdf|archive-url= https://web.archive.org/web/20170224183457/http://www.dtic.mil/dtic/tr/fulltext/u2/a234058.pdf|url-status= live|archive-date= February 24, 2017}}</ref>
Unisys maintained that evaluation until 1994 through the National Computer Security Center Rating Maintenance Phase (RAMP) of the Trusted Product Evaluation Program.<ref>{{cite book|publisher= National Computer Security Center|date=July 26, 1994|title= Final Evaluation Report Unisys Corporation OS 1100/2200 (CSC-EPL-76/999, Library No. S225,nnn)|location=Fort George G. Meade, MD}}</ref><ref>{{cite book|publisher= National Computer Security Center|date= 23 June 1989|title= Rating Maintenance Phase Program Document (NCSC-TG-013-89, Library No. S-232,468)|location= Fort George G. Meade, MD|url= http://securityv.isu.edu/isl/ncsctg13.html|access-date= 3 June 2015|archive-date= 5 March 2016|archive-url= https://web.archive.org/web/20160305072750/http://securityv.isu.edu/isl/ncsctg13.html|url-status= dead}}</ref>

== See also ==
* [Comparison of operating systems](/source/Comparison_of_operating_systems)
* [Security-focused operating system](/source/Security-focused_operating_system)
* [Trusted operating system](/source/Trusted_operating_system)

==Notes==
{{reflist|group = nb}}

==References==
{{reflist}}

Category:Operating system security
Category:Computer security procedures

---
Adapted from the Wikipedia article [Security-evaluated operating system](https://en.wikipedia.org/wiki/Security-evaluated_operating_system) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Security-evaluated_operating_system?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
