Home » Green Hills Software's Integrity OS gets NIAP security certification
Green Hills Software's Integrity OS gets NIAP security certification
Santa Barbara, Calif., November 17 — Green Hills Software, Inc., today announced that the INTEGRITY-178B operating system has been certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), to Common Criteria Evaluation Assurance Level (EAL) 6+, High Robustness.
This certification is the first of its kind, the highest Common Criteria security level ever achieved for an operating system. Only an EAL6+ High Robustness operating system is certified to protect classified information and other high-value resources at risk of attack from hostile and well-funded attackers. The highest security standard to which any other operating system is certified only protects against “inadvertent or casual attempts to breach the system security.”
No other operating system has even begun the EAL6+ NIAP/NSA certification process (http://www.niap-ccevs.org/cc-scheme/in_evaluation lists products that have begun a certification process). Furthermore, Common Criteria states that “EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line.” INTEGRITY was designed for EAL7, the highest level of security, and thus was able to meet the NSA’s High Robustness requirements.
“The certification is a landmark in the security world,” commented Dan O’Dowd, founder and chief executive officer, Green Hills Software. “INTEGRITY is the only solution to the long-unsolved problems of protecting the world’s critical infrastructure, keeping private information private,and thwarting even the most determined cyber attackers.”
Neil MacDonald, vice president and Gartner fellow, says, “For years, information security has been myopically protecting the organization from the outside in with technologies like firewalls and antivirus and largely overlooked the need to protect it from the inside out. In Gartner’s vision of Adaptive Security Infrastructure, protecting workloads and information from the inside out will require more intelligent security sensors throughout the infrastructure--at endpoints, virtual servers and within the applications and data themselves. However, security software running on the same physical machine as the workloads and information it is protecting can’t be unequivocally trusted without strong isolation, high assurance and resiliency of the software, and trust attestation which will become the foundation for next-generation Adaptive Security Infrastructure.”
INTEGRITY-178B was certified against the Common Criteria’s SKPP, whose High Robustness designation represents the gold standard for operating system security certification, requiring “security services and mechanisms that provide the most stringent protection and rigorous security countermeasures.” The security gap between EAL4+-certified products and SKPP-certified products is immense: while EAL4+ does not even require examination of the product source code, SKPP requirements include the use of formal methods to mathematically prove the security policies, formal specifications, formal correspondence between design and implementation, complete test coverage of all functional requirements and penetration testing by the NSA, which has complete access to the source code.
The INTEGRITY operating system’s pedigree also includes certification and compliance with other demanding government and industry software reliability standards.
• RTCA/DO-178B Level A, the highest level of avionics safety certification granted by the Federal Aviation Administration and the European Aviation Safety Agency
• FDA Class III, the most life-critical medical devices approved by the Food and Drug Administration
• IEC 61508 SIL 3, the highest level industrial safety certification granted to an operating system by TÜV
INTEGRITY is the only operating system to have achieved more than one of these certifications.
SANS Control Security Training Coming to Houston
SANS Institute will hold ICS Security Training event on June 10-15 in Houston
Compressor Controls: Saudi Aramco Buys First GE Compressor Control Systems
Saudi Aramco has purchased advanced compressor control technology from GE for the Haradh GOSP-1 facility in Saudi Arabia's Eastern Province.
ISA Training Through June in Houston
Technician training, engineering survival and SIS boot camps for condensed, intense, comprehensive educational experience.
NIST Releases Initial Cyber Security Framework Comment Analysis
The National Institute for Standards and Technology has released an initial analysis of the hundreds of comments by industry and the public they have received on the Obama Administration's "Improving Critical Infrastructure Cyber Security" executive order.
Past Time to Upgrade Your DCS?
Upgrading Your DCS: Why You May Need to Do It Sooner Than You Think
Metso Provides New Heating Solution for Finnish Utility
Finland's largest pellet-fired heating plant produces environmentally friendly energy in Tampere
K-BIM Consortium Selects Siemens' Parasolid for New AEC Applications
-BIM, a consortium of commercial, academic and government organizations wants the new application suite to help create a national standard for building information management (BIM)
Friday p.m. Wrap-Up:This Week on ControlGlobal and Elsewhere
Some of the week's biggest stories in process automation
What's Bad Weather Costing Us?
U.S. taxpayers paid nearly $100 billion responding to damages caused by last year’s extreme weather events associated with climate change, about $1,100 per taxpayer, according to an analysis by the Natural Resources Defense Council (NRDC).
BP, Shell, Statoil Raided by EC
European Commission investigators raided the offices of oil companies BP, Royal Dutch Shell and Statoil as well as data collector Platts as part of a larger inquiry into price manipulation of the global crude market.
- All news »
Access the entire print issue on-line and be notified each month via e-mail when your new issue is ready for you. Subscribe today.
- Featured White Papers