INTEGRITY is the first and only operating system technology to be certified by NIAP, a U.S. government initiative operated by the National Security Agency (NSA), to EAL 6+ High Robustness.
Other common enterprise operating systems are certified to EAL 4+ or lower. EAL 4+ means that there is no assurance of security UNLESS the attack threat is non-hostile, with “casual or inadvertent attempts to breach the system security”. With worldwide access, anywhere and anytime, the Internet is the ultimate hostile environment against which current IT security solutions are unable to adequately defend. The world has become accustomed to a fail-first, patch-later mentality that is expensive and will never provide the security the world deserves.
EAL6+ High Robustness is the gold standard of security certification. INTEGRITY was designed from the ground up to meet EAL7 and therefore was able to meet the U.S. Government’s EAL6+ High Robustness requirements.
INTEGRITY is in a class by itself.
Common Criteria Separation Kernel Protection Profile (SKPP) — What is it?
SKPP is the security standard created by the Open Group and published by the National Security Agency to specify security requirements for “high robustness” operating systems. High robustness operating systems are suitable for use in computer systems that manage and protect high value resources in the face of attacks by resourceful adversaries.
According to Department of Defense guidance, high robustness refers to “security services and mechanisms that provide the most stringent protection and rigorous security countermeasures.” The SKPP contains both functional and assurance requirements. Functional requirements refer to the security policies enforced by the operating system. For example, an SKPP-compliant operating system must guarantee that a malicious application cannot harm (corrupt, deny service to, steal information from, etc.) any other application running on the computer. Assurance requirements refer to the evidence that provides high confidence that the product implements its security functional requirements.
The requirements of the SKPP are far more stringent than any other operating system security standard. The resulting assurance, or confidence, that developers, users, and other stakeholders are therefore able to derive from an SKPP evaluation are extremely high and unprecedented in the world of computer security. SKPP requires an extremely rigorous development process, formal methods — which provide mathematical proof of the security - and penetration testing by the NSA's security experts who have complete access to the source code.
With the certification of the INTEGRITY software system to EAL6+ High Robustness, the Common Criteria SKPP standard, there now exists, for the first time in history, a software system that can be trusted to protect corporate intellectual property, financial records, private customer information, national secrets, and control systems for critical infrastructure.
