Solaris Common Criteria Certification

• Security Target (.pdf 506 KB)
• Maintenance Report (.pdf 39 KB)
• Solaris 10 5/08 Trusted Extensions Security Release Notes (.pdf 289 KB)
• Evaluated Hardware List (.pdf 32 KB)
• Solaris 10 5/08 Trusted Extensions Certified Patch Set for SPARC (.tar.Z 89 MB)
• Solaris 10 5/08 Trusted Extensions Certified Patch Set for x86 (.tar.Z 93 MB)

To order Solaris 10 5/08 which includes the Solaris Trusted Extensions software, request the following media kit:

• Solaris 10 5/08 DVD Media Kit
  Part Number: SOLZ9-10IC9A7M

• Security Target (.pdf 1.5 MB)
• Maintenance Addendum for Solaris 10 5/08 (.pdf 47 KB)
• Solaris 10 5/08 Security Release Notes (.pdf 291 KB)
• Evaluated Hardware List (.pdf 32 KB)
• Solaris 10 5/08 Certified patch Set for SPARC (.tar.Z 55 MB)
• Solaris 10 5/08 Certified patch Set for x86 (.tar.Z 60 MB)

To order Solaris 10 5/08 software, request the following media kit:

• Solaris 10 5/08 DVD Media Kit
  Part Number: SOLZ9-10IC9A7M

Solaris 10 11/06 with Trusted Extensions - Extends Solaris OS security

A Common Criteria Certificate was awarded to Sun Microsystems on June 11, 2008 by the Canadian Common Criteria Evaluation and Certification Scheme.

Solaris 10 11/06 with Trusted Extensions is an extension to the proven Solaris 10 security model. It utilizes User and Process Rights Management, Solaris Containers, file systems, and networking and doesn't require a new or separate kernel. Best of all, it doesn't require ISVs to requalify their applications to run them with sensitivity labels. Because it's an extension to the Solaris 10 OS's security policy, Solaris 10 11/06 with Trusted Extensions technology is flexible and quick to deploy: You can add new applications, new users, and more, very quickly, without extensive analysis of each application — and without the need to write complex, error-prone security policies that require a system reboot.

Security Features in the Evaluated Configuration include:

• MAC and DAC - including ACLs;
• Least privilege with fine-grained privileges for all policies;
• Trusted networking and trusted NFS;
• Identification and authentication - including password generation;
• Roles for separating user and administration capabilities;
• Rights profiles for grouping commands, applications, and authorizations and assigning to users or roles;
• Centralized administration with easy-to-use graphical tools;
• Auditing which records the actions of users and roles as well as non-attributable events;
• Sun's Common Desktop Environment (CDE) and Sun Java Desktop System Multilevel windowing environment with trusted path for invoking trusted commands and applications.

Solaris 10 11/06 with Trusted Extensions has  being been certified on:

• Workstations and servers using an UltraSPARC III, UltraSPARC IIIi, UltraSPARC II, UltraSPARC IIe, UltraSPARC IIi, or UltraSPARC T1 processor in single or multiple configuration.
• The Netra 1280 and Sun Fire mid-frame and high-end family offering Dynamic Reconfiguration and Multiple Domaining using an UltraSPARC III, UltraSPARC III Cu (copper based) or UltraSPARC IV processor.
• AMD based processor systems: AMD Opteron 800, 1200, and 8000 series; AMD-64 100, 200, and 2000 series; AMD dual-core 1200 and 2000 series; AMD Opteron 285; and, Intel Xeon.

The Solaris 10 11/06 with Trusted Extensions Certified software consists of the Operating Environment and a subset of patches which have been reviewed to ensure that their application introduces no new security vulnerabilities.

• Security Target (.pdf 541 KB)
• Certificate (.pdf 148 KB)
• Evaluation Report (.pdf 127 KB)
• Solaris 10 11/06 Security Release Notes (.pdf 299 KB)
• Solaris 10 11/06 Trusted Extensions Certified Patch Set for SPARC (113 MB)
• Solaris 10 11/06 Trusted Extensions Certified Patch Set for x86 (103 MB)

To order Solaris 10 11/06 Trusted Extensions software, request the following media kit:

• Solaris 10 11/06 DVD Media Kit
  Part Number: SOLZ9-10FC9A7M

A Common Criteria Certificate was awarded to Sun Microsystems on November 6, 2007 by the Canadian Common Criteria Evaluation and Certification Scheme.

The Solaris 10 11/06 operating system is conformant with the Controlled Access Protection Profile (CAPP), Version 1.d, October 8, 1999 and with the Role Based Access Control Protection Profile (RBACPP), Version 1.0, July 30, 1998 and is certified for use on SPARC and AMD/Intel based platforms.

Solaris 10 11/06 Security Features in the Evaluated Configuration include:

• Discretionary Access Control (DAC) - including ACLs;
• Least privilege with fine-grained privileges for all policies;
• Flexible Enterprise Identification and Authentication - including PAM and kerberos;
• Roles for separating user and administration capabilities;
• Centralized administration with easy-to-use graphical tools;
• Auditing which records the actions of users and roles as well as non-attributable events;
• Trusted Windowing Environment - Users can chose between Sun's Common Desktop Environment (CDE) and Sun Java Desktop System (JDS) Operating Environment.

The Solaris 10 11/06 Certified software consists of the Solaris 10 11/06 Operating Environment and a subset of Solaris 10 patches which have been reviewed to ensure that their application introduces no new security vulnerabilities.

• Security Target (.pdf 932 KB)
• Certificate (.pdf 186 KB)
• Evaluation Report (.pdf 162 KB)
• Solaris 10 11/06 Security Release Notes (.pdf 293 KB)
• Solaris 10 11/06 Certified Patch Set for SPARC (.tar 63 MB)
• Solaris 10 11/06 Certified Patch Set for x86 (.tar 50 MB)

To order Solaris 10 11/06 software, request the following media kit:

• Solaris 10 11/06 DVD Media Kit
  Part Number: SOLZ9-10FC9A7M

• Security Target (.pdf 983k)
• Certificate (.pdf 70k)
• Evaluation Report (.pdf 164k)
• Solaris 10 03/05 Security Release Notes (.pdf 291k)
• Solaris 10 03/05 Certified Patch Set for SPARC (.tar.Z 69 MB)
• Solaris 10 03/05 Certified Patch Set for x86 (.tar.Z 95 MB)

To order Solaris 10 03/05 software, request the following media kit:

• Solaris 10 03/05 DVD Media Kit
  Part Number: SOLZ9-10AC9A7M

• Security Target (.pdf 678k)
• Solaris 9 8/03 Security Release Notes (.pdf 209k)
• Solaris 9 8/03 Certified Patch Set (.tar 32 MB)

To order Solaris 9 8/03 software, request one of the following media kits:

• Solaris 9 8/03 Multilingual CD Media Kit (SPARC Platform Edition) with Minimal Install Docs
  Part Number: SOLZS-09EC9AYS

The TOE was certified to EAL4 in June 2002. The ALC_FLR.3 augmentation was certified in March 2004. Assurance has now been maintained using the Common Criteria Assurance Continuity process to fully cover version 8 2/04; see the Maintenance Report and updated Security Target for details.

You can find further information on certification of the Trusted Solaris 8 4/01 Operating Environment on the UK Information Technology Security Evaluation and Certification Scheme Web site.

• Certificate (.jpg 179k)
• Trusted Solaris 8 4/01 Security Target (.pdf 275k)
• Trusted Solaris 8 4/01 Evaluation Report (.pdf 639k)

To order Trusted Solaris 8 4/01 software, please visit the product website.

If a patch is found to be certification irrelevant, the patch ID, revision number, and description will be added to the list of approved Certification Irrelevant Patches, which is shown below. The patch can then be applied directly from the SunSolve patch database, and it will not compromise the CC certification of the system.

The certification irrelevant patches are not included in the Assurance Continuity (Solaris 9 and newer) or the Certificate Maintenance Scheme (Solaris 8) patch sets, and must be downloaded from the SunSolve database.

Later revisions of the certification irrelevant patch must be reviewed before it can be applied to a secure system.

Solaris 10 11/06 Certification Irrelevant Patch List

• 122530-06: SunOS 5.10_x86: nge patch

Solaris 10 3/05 Certification Irrelevant Patch List

• 122530-06: SunOS 5.10_x86: nge patch

Solaris 9 08/03 Certification Irrelevant Patch List

• 115651-02: SunOS 5.9: usr/lib/acct/runacct Patch

Solaris 8 02/02 Certification Irrelevant Patch List

• 108434-18: SunOS 5.8: 32-bit shared library patch for C++
• 108435-18: SunOS 5.8: 64-bit shared library patch for C++
• 109147-07: SunOS 5.8: Linker patch
• 109320-19: SunOS 5.8: LP Patch
• 114537-26: SunOS 5.8: Sun XVR-100 Graphics Accelerator Patch
• 115274-05: /usr/sbin/raidctl patch
• 115275-07: mpt driver patch

For more information on Common Criteria Certifications at Sun Microsystems, contact us.