View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
April 10, 2005

HP seeks US security certification for OpenView, HP-UX

Seeking to bolster sales to federal agencies, HP is ramping up efforts to get OpenView and its operating systems certified with the international certification known in the US as National Information Assurance Partnership (NIAP) Common Criteria.

By CBR Staff Writer

The criteria are applied to hardware or software whose purpose is to protect information. HP announced that it already achieved level 4 certification for HP-UX 11i, level 3 for its ProLiant, Integrity and carrier-grade servers, and level 1 for Tru64 UNIX V5.1A. Level 2 certification testing is currently underway for several HPO OpenView modules, including Network Node Manager, the heart of the product, and Operations for UNIX.

The government is planning to apply the Common Criteria for all IT procurement for all agencies, according to Sai Allavarpu, director of product management and marketing for HP’s identity management and security products. He added that agencies across Europe and Asia are considering imposing similar guidelines.

Over the next 12 to 18 months, HP intends to submit most of the rest of the OpenView stack, including Service Desk, identity management, change management, configuration management and software distribution.

The common criteria address areas including configuration management, delivery and operation, development, guidance documents, life cycle support, tests and vulnerability assessment. The Common Criteria includes seven levels of certification that are similar to the five levels of software engineering maturity assessed by the Capability Maturity Model (CMM).

Starting at level one, the most basic, which examines a product to ensure that it conforms to documented claims, the criteria step in severity as they test the structure of the product, evaluate the product from design stage forward, to assurance that the products have closed all the back doors and can withstand high risk environments.

From a practical standpoint, above level 4, products generally have to be designed from scratch to meet the criteria. Vendors pay for tests conducted by independent labs, which are in turn certified to award certifications.

Although intended as a way to qualify software for federal procurement, according to Allavarpu, it can apply to private sector companies such as financial services, telco or aerospace contractors who act as government contractors.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

HP is hardly alone in seeking certification. Virtually every major platform vendor has or is submitting one or more of their OSs for Common Criteria, from IBM to Sun, Apple, Red Hat and even Microsoft. Others in the club range from BMC Patrol for systems management; Symantec for intrusion detection; Trend Micro for antivirus; Groove Networks (recently acquired by Microsoft) for software encryption; RSA for certificate authority; Canon, Sharp, and Xerox for multi-function copier/printers; and Juniper Networks for routers.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.