Tag Archive for: Criteria

NIST provides recommended criteria for cybersecurity labeling for consumer software and IoT products

/in


Will NIST’s cybersecurity labeling for consumer software and IoT products help us achieve better security? Our experts weigh in.

NIST cybersecurity labeling recommendations | Synopsys

If one of the goals of President Biden’s May 2021 “Executive Order on Improving the Nation’s Cybersecurity” is fulfilled, you’ll be able to look for a quality and security assurance label on any software product you consider buying. To which anyone who cares about such things—and everybody should—might say “it’s about time.”

Indeed, consumer labeling has long been mainstream when it comes to just about everything else. We take for granted that what we plan to eat or drink has a list of ingredients on the packaging or container. The U.S. Department of Agriculture has a label that food vendors can use if their product is certified organic. Most of us are familiar with the Good Housekeeping Seal and UL certification, which offer some assurance that a vast range of products meet a minimum quality standard. “Look for the union label” has been a slogan for almost 50 years.

But details or seals of approval on the quality of software ingredients? Not so much. Pretty much not at all.

Current state of consumer cybersecurity awareness

While Americans rely on software for just about everything in modern life—communication (email, text, phone), social media, online purchases, games, research, home security, transportation, and much, much more—most remain only dimly aware of what it is, how it works, and the level of its quality and security. 

As the National Institute of Standards and Technology (NIST) recently put it, “most consumers take for granted and are unaware of the software upon which many products and services rely, [and] the very notion of what constitutes software may even be unclear.” That is, in large measure, because consumers aren’t told much of anything about it. They generally see only what it does, not what it is, who made it, how it works, or how it could put them at risk. 

The Biden executive order (EO) is obviously aimed at closing that gap in consumer awareness. It calls for NIST, the Federal Trade Commission, and other agencies to “initiate pilot programs informed by existing consumer product labeling…

Source…

SUSE Linux Enterprise Earns Common Criteria EAL 4+, Proving Top Security for Mission-Critical Environments

/in


NUREMBERG, Germany, Aug. 17, 2021 /PRNewswire/ — SUSE®, a global leader in innovative, reliable and enterprise-grade open source solutions, today announced its flagship Linux distribution has earned Common Criteria EAL 4+ certification. SUSE Linux Enterprise Server (SLES) 15 SP2 is now EAL 4+ level certified for IBM Z, Arm and x86-64 architectures, signifying compliance with the most-demanding security requirements for mission-critical infrastructure. SUSE’s Common Criteria EAL 4+ software supply chain certification includes secure production, delivery of updates, and protection of critical digital assets.

SUSE is currently the only provider of a recent general-purpose Linux operating system with a secure software supply chain that is certified Common Criteria EAL 4+ for all these platforms.

“In today’s age of advanced hacking and service disruption, Common Criteria EAL 4+ level certification for SLES provides confidence to critical service providers such as governments, finance and banking companies, healthcare organizations, water and power companies, telecommunications providers, and others innovating at the edge,” said Thomas Di Giacomo, SUSE Chief Technology and Product Officer. “SUSE’s commitment to open interoperability means SLES 15 customers around the world can be certain their operating system conforms to the highest international standards for computer security within their chosen IT infrastructure.”

Kara Todd, director of Linux, IBM Z & LinuxONE at IBM, said, “This latest Common Criteria EAL 4+ certification, the highest level attainable for an open source operating system, for SUSE Linux Enterprise on IBM Z demonstrates a continued prioritization on security and reliability, which we expect will be very well received by our joint customers around the world. We are seeing an ever-growing number of exciting new Linux workloads which are a great fit for the underlying scalability, reliability and security that the IBM Z platform provides.”

Bhumik Patel, director of Ecosystem Software Development, Infrastructure Line of Business, Arm, said, “The pervasiveness of Arm technology from cloud to edge underscores our responsibility to work with the industry to deliver…

Source…

Victims of the Equifax data breach won’t be eligible for $125 in settlement unless they meet these criteria – MarketWatch

/in

Victims of the Equifax data breach won’t be eligible for $ 125 in settlement unless they meet these criteria  MarketWatch

The Equifax data breach settlement money comes with strings attached.

“data breach” – read more

Cisco, Symantec, and McAfee top mobile security buying criteria : Infonetics – telecomlead.com

/in

telecomlead.com

Cisco, Symantec, and McAfee top mobile security buying criteria : Infonetics
telecomlead.com
Telecom Lead Asia: Cisco, Symantec, and McAfee are on top of mobile security buying criteria related to technology, pricing, service and support, according to a survey by Infonetics Research. For the survey, Infonetics analysts interviewed
Cisco, Symantec, McAfee Top in Mobile SecurityChannelnomics (blog)

all 19 news articles »

“mobile security” – read more