The Solaris 10 11/06 operating system is conformant with the Controlled Access Protection Profile (CAPP), Version 1.d, October 8, 1999 and with the Role Based Access Control Protection Profile (RBACPP), Version 1.0, July 30, 1998 and is certified for use on SPARC and AMD/Intel based platforms.
Solaris 10 11/06 Security Features in the Evaluated Configuration include:
Discretionary Access Control (DAC) - including ACLs;
Least privilege with fine-grained privileges for all policies;
Flexible Enterprise Identification and Authentication - including PAM and kerberos;
Roles for separating user and administration capabilities;
Centralized administration with easy-to-use graphical tools;
Auditing which records the actions of users and roles as well as non-attributable events;
Trusted Windowing Environment - Users can chose between Sun's Common Desktop Environment (CDE) and Sun Java Desktop System (JDS) Operating Environment.
The Solaris 10 11/06 Certified software consists of the Solaris 10 11/06 Operating Environment and a subset of Solaris 10 patches which have been reviewed to ensure that their application introduces no new security vulnerabilities.
To order Solaris 10 11/06 software, request the following media kit:
Solaris 10 11/06 DVD Media Kit Part Number: SOLZ9-10FC9A7M
Solaris 10 03/05 Operating Environment
The Solaris 10 03/05 operating system is conformant with the Controlled Access Protection Profile (CAPP), Version 1.d, October 8, 1999 and with the Role Based Access Control Protection Profile (RBACPP), Version 1.0, July 30, 1998 and is certified for use on SPARC and AMD based platforms.
The Solaris 10 03/05 Certified software consists of the Solaris 10 03/05 Operating Environment and a subset of Solaris 10 patches which have been reviewed to ensure that their application introduces no new security vulnerabilities.
To order Solaris 10 03/05 software, request the following media kit:
Solaris 10 03/05 DVD Media Kit Part Number: SOLZ9-10AC9A7M
Solaris 9 08/03 Operating Environment
Solaris 9 8/03 has been certified under the Common Criteria at EAL4+ under the Controlled Access Protection Profile and Role Based Access Control Protection Profile for use with Ultra II, Ultra III and Sun Fire servers.
The Solaris 9 8/03 Certified software consists of Solaris 9 8/03 Operating Environment (SPARC Platform Edition), and the subset of Solaris 9 patches which have been reviewed to ensure that their application introduces no new security vulnerabilities.
To order Solaris 9 8/03 software, request one of the following media kits:
Solaris 9 8/03 Multilingual CD Media Kit (SPARC Platform Edition) with Minimal Install Docs Part Number: SOLZS-09EC9AYS
Trusted Solaris 8 4/01 Operating Environment
Trusted Solaris 8 4/01 is a highly configurable, multilevel trusted operating environment based on Sun's Solaris 8 4/01 operating environment. It meets and exceeds the specific security requirements of the Labeled Security, Role-based Access Control, and Controlled Access protection profiles of the Common Criteria.
Features include:
MAC and DAC - including ACLs;
Least privilege with fine-grained privileges for all policies;
Trusted networking and trusted NFS;
Identification and authentication - including password generation;
Roles for separating user and administration capabilities;
Rights profiles for grouping commands, applications, and authorisations and assigning to users or roles;
Multilevel windowing environment with trusted path for invoking trusted commands and applications;
Centralized administration with easy-to-use graphical tools;
Auditing which records the actions of users and roles as well as non-attributable events.
The TOE was certified to EAL4 in June 2002. The ALC_FLR.3 augmentation was certified in March 2004. Assurance has now been maintained using the Common Criteria Assurance Continuity process to fully cover version 8 2/04; see the Maintenance Report and updated Security Target for details.
To order Trusted Solaris 8 4/01 software, please visit the product website.
Supported Hardware
Solaris 10 11/06 Operating Environment has been certified on:
Workstations and servers using an UltraSPARC III, UltraSPARC IIIi, UltraSPARC II, UltraSPARC IIe, UltraSPARC IIi, or UltraSPARC T1 processor in single or multiple configuration.
The Netra 1280 and Sun Fire mid-frame and high-end family offering Dynamic Reconfiguration and Multiple Domaining using an UltraSPARC III, UltraSPARC III Cu (copper based) or UltraSPARC IV processor.
AMD based processor systems: AMD Opteron 800, 1200, and 8000 series; AMD-64 100, 200, and 2000 series; AMD dual-core 1200 and 2000 series; AMD Opteron 285; and, Intel Xeon.
Solaris 10 03/05 Operating Environment has been certified on:
Workstations and servers using an UltraSPARC III, UltraSPARC IIIi or UltraSPARC IIi processor in single or multiple configuration.
The Netra 1280 and Sun Fire mid-frame and high-end family offering Dynamic Reconfiguration and Multiple Domaining using an UltraSPARC III, UltraSPARC III Cu (copper based) or UltraSPARC IV processor.
AMD based processor systems: AMD Opteron 200 and 800, AMD-64 100 (W1100z) and AMD-64 200 (W2100z).
Solaris 9 8/03 Operating Environment has been certified on:
Sun Fire B100s, V100, V120, V210, V240, V250, V280R, V480, V880, V880z, V1280, 3800, 4800, 4810, 6800, 12000, 15000
Netra 20, 120, CT410, CT810, 1280
Trusted Solaris 8 4/01 Operating Environment has been certified on:
Sun Blade 1500, 2000, 2500
ServerBlade 1
Sun Fire V60, V210, V240, V250, V440, V1280, V480, V490, V880, V890, 3800, 4800, 4810, 6800, 15K, 20K, 25K
Sun Fire E2900, E4900, E6900 Server
AMD Athlon, Opteron
Intel P4, Xeon MP
Sony Vaio Laptop
Panasonic Tough 50 Laptop
Dell PowerEdge 2650
Certification Irrelevant Patches
Some patches which customers request are to areas of the system which do not affect CC certification. These patches are referred to as certification irrelevant.
All patch requests will be reviewed, and if a patch is found to be certification irrelevant, that patch id, revision number, and description will be added to a list of approved certification irrelevant patches. These patches may then be applied directly from the SunSolve patch database. These patch binaries will NOT be included in CMS releases unless they are security relevant. Customers may apply them without compromising the CC certification of their system. Later revisions of certification irrelevant patches must be reviewed before they may be added to a secure system.
Solaris 10 11/06 Certification Irrelevant Patch List:
122530-06: SunOS 5.10_x86: nge patch
Solaris 10 3/05 Certification Irrelevant Patch List:
122530-06: SunOS 5.10_x86: nge patch
Solaris 9 08/03 Certification Irrelevant Patch List:
115651-02: SunOS 5.9: usr/lib/acct/runacct Patch
Solaris 8 02/02 Certification Irrelevant Patch List:
108434-18: SunOS 5.8: 32-bit shared library patch for C++
108435-18: SunOS 5.8: 64-bit shared library patch for C++
109147-07: SunOS 5.8: Linker patch
109320-19: SunOS 5.8: LP Patch
114537-26: SunOS 5.8: Sun XVR-100 Graphics Accelerator Patch
Solaris 10 11/06 with Trusted Extensions - Extends Solaris OS security Solaris 10 11/06 with Trusted Extensions is an extension to the proven Solaris 10 security model. It utilizes User and Process Rights Management, Solaris Containers, file systems, and networking and doesn't require a new or separate kernel. Best of all, it doesn't require ISVs to requalify their applications to run them with sensitivity labels. Because it's an extension to the Solaris 10 OS's security policy, Solaris 10 11/06 with Trusted Extensions technology is flexible and quick to deploy: You can add new applications, new users, and more, very quickly, without extensive analysis of each application — and without the need to write complex, error-prone security policies that require a system reboot.
Solaris 10 11/06 with Trusted Extensions has entered into Common Criteria Evaluation with the Canadian Common Criteria Evaluation and Certification Scheme and is conformant with the Controlled Access Protection Profile (CAPP), Role Based Access Control Protection Profile (RBACPP) and Labelled Security Protection Profile (LSPP) at EAL4+ (ALC_FLR.3 Augmented).
Security Features in the Evaluated Configuration include:
MAC and DAC - including ACLs;
Least privilege with fine-grained privileges for all policies;
Trusted networking and trusted NFS;
Identification and authentication - including password generation;
Roles for separating user and administration capabilities;
Rights profiles for grouping commands, applications, and authorizations and assigning to users or roles;
Centralized administration with easy-to-use graphical tools;
Auditing which records the actions of users and roles as well as non-attributable events;
Sun's Common Desktop Environment (CDE) and Sun Java Desktop System Multilevel windowing environment with trusted path for invoking trusted commands and applications.
Solaris 10 11/06 with Trusted Extensions is being been certified on:
Workstations and servers using an UltraSPARC III, UltraSPARC IIIi, UltraSPARC II, UltraSPARC IIe, UltraSPARC IIi, or UltraSPARC T1 processor in single or multiple
configuration.
The Netra 1280 and Sun Fire mid-frame and high-end family offering Dynamic Reconfiguration and Multiple Domaining using an UltraSPARC III, UltraSPARC III Cu (copper based) or UltraSPARC IV processor.
AMD based processor systems: AMD Opteron 800, 1200, and 8000 series; AMD-64 100, 200, and 2000 series; AMD dual-core 1200 and 2000 series; AMD Opteron 285; and, Intel Xeon.
More Information
For more information on Common Criteria Certifications at Sun Microsystems, contact us.
