HP-UX 11i Common Criteria certification

HP-UX 11i v3, running on HP 9000 and HP Integrity platforms, is successfully evaluated against the requirements for  EAL4 Common Criteria (ISO 15408) Assurance Level, augmented by ALC_FLR.3 (flaw remediation), using the Controlled Access (CAPP) and Role-Based Access Control (RBACPP) Protection Profiles Common Criteria Certification.

Many enterprise and government customers require this vendor-independent security certification because it increases confidence in the product's security assurance, functionality, quality and effectiveness. Many governments, including the United States, require certification for government IT procurement.

New in this evaluation:  Hard partitions (nPartitions or nPars) are included in the evaluated configuration of the HP-UX 11i v3 operating system. Hardware partitions (nPartition) provide both hardware and software isolation so that hardware or software faults in one nPartition do not affect other nPartitions within the same server complex. Hard partitions (nPartitions) are available on cell-based servers such as rp7420, rp8420, rx7620, rx7640, rx8620, rx8640, and Superdome.  The server is split into a number of cells that can be allocated to the nPartitions. Each cell contains processor(s) and system RAM and may be associated with its own peripheral devices. Learn more about the Common Criteria certification advantage of HP-UX 11i nPartitions.

Customers who wish to duplicate this evaluated software configuration can obtain a special 4-disc media kit (BA4491AA, option A54). The kit contains the DVDs of the February 2007 versions of the HP-UX 11i v3 mission-critical operating environment and Instant Information discs, plus a Common Criteria Supplementary CD that contains patches, documentation and tools specific to the evaluated configuration.

HP-UX 11i v2 running on HP 9000 and Integrity platforms has been successfully evaluated against the requirements for the EAL4 Common Criteria (ISO 15408) Assurance Level, augmented by ALC_FLR.3 (flaw remediation), using the Controlled Access (CAPP) and Role-Based Access Control (RBAC) Protection Profiles. EAL4+ is sometimes used as the abbreviated form for additional assurances

Customers who wish to duplicate the evaluated software configuration can obtain a special 3-disc media kit (B8483AA, option A54) containing DVDs of the May 2005 versions of the HP-UX 11i v2 Mission Critical Operating Environment and Instant Information discs, plus a Common Criteria Supplementary CD that contains patches, documentation and tools specific to the evaluated configuration.

HP-UX 11i has been successfully evaluated against the requirements for the EAL4 Common Criteria (ISO 15408) Assurance Level, using the Controlled Access Protection Profiles (CAPP)

Certification is important to both government and enterprise customers. Many governments, including the United States, require certification for government IT procurement. Enterprise customers also appreciate this vendor-independent security certification because it increases confidence in the product's security assurance, functionality, quality and effectiveness. In addition, the Japanese government is considering a tax break for certified products which will benefit enterprise customers in that country

The Common Criteria certification (CC) permits comparability between the results of independent security evaluations. It does so by providing a common set of requirements for the security functions of IT products and systems and for assurance measures applied to them during a security evaluation. The evaluation process establishes a level of confidence that the security functions of such products and systems and the assurance measures applied to them meet these requirements. The evaluation results may help consumers to determine whether the IT product or system is secure enough for their intended application and whether the security risks implicit in its use is tolerable.

The Common Criteria certification addresses protection of information from unauthorized disclosure, modification, or loss of use. The categories of protection relating to these three types of failure of security are commonly called confidentiality, integrity, and availability, respectively. The CC may also be applicable to aspects of IT security outside of these three. The CC concentrates on threats to that information arising from human activities, whether malicious or otherwise, but may be applicable to some non-human threats as well. In addition, the CC may be applied in other areas of IT, but makes no claim of competence outside the strict domain of IT security. For additional information please click here.