THE US Government's National Information Assurance Partnership (NIAP), a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA), has formally accepted the security evaluation plan for Green Hills Software’s Integrity-178B operating system.
As a result, Integrity-178B is now listed on the official register of products in evaluation at http://niap.nist.gov/cc-scheme/in_evaluation.html#i. This is a significant milestone toward the most stringent certification ever undertaken by an operating system.
The security evaluation of Integrity-178B began in April 2005, when Green Hills Software selected Science Applications International Corporation (SAIC), a NIAP approved Common Criteria Testing Lab (CCTL), to perform the evaluation.
Since then, in parallel with the software evaluation, Green Hills Software, SAIC and NIAP have finalised the evaluation work plan and Green Hills Software has prepared the documentation required by NIAP. NIAP management formally accepted the plan on August 12.
“To prepare for this next stage in the evaluation process, SAIC has had a chance to assess some of the certification evidence, artifacts and related processes that Green Hills Software has used as the basis for their DO-178B safety certifications,” said assistant vice president and division manager at the SAIC Common Criteria Testing Laboratory, Julie Taylor.
“We’ve worked with Green Hills Software to produce the Security Target and other documents that we have presented to NIAP. Green Hills has made all of its deliveries on schedule.”
Integrity-178B is undergoing the most stringent security evaluation undertaken by an operating system under the International Common Criteria for Information Technology Security Evaluation standard (ISO 15408).
Integrity-178B is being evaluated for conformance to the Separation Kernel Protection Profile (SKPP), the most demanding Protection Profile currently defined.
The evaluation is being done at Evaluation Assurance Level 6 augmented (EAL6+). On the seven-level EAL scale, no operating system has previously been certified beyond EAL5+.
“Green Hills Software is leading the charge to more secure computing,” said founder and chief executive officer of Green Hills Software, Dan O’Dowd.
“While Integrity-178B is progressing toward an EAL6+ certification, no other operating system listed on the NIAP Products in Evaluation register is aiming beyond EAL4+.
“In addition, Integrity-178B is being evaluated to the stringent Separation Kernel Protection Profile - most other operating system certifications have been to the significantly more lenient Controlled Access Protection Profile (CAPP).”