Common Criteria

Run high security workloads on the certified configuration of Ubuntu

Developing and deploying open source workloads on regulated and high security environments requires rigid certifications. Ubuntu Pro and Ubuntu Advantage provide access to the necessary artifacts to comply with Common Criteria, an international (ISO/IEC 15408) computer security certification for high security environments.

Contact us

What is Common Criteria?

Common Criteria (CC) for Information Technology Security Evaluation is an international standard (ISO/IEC IS 15408) for computer security certification, used by Governments, U.S. Federal agencies, financial institutions and many other organizations dealing with sensitive data. It ensures that products are evaluated by licensed laboratories to verify their security properties and that a common methodology is applied in certification.

In brief, it is a common methodology to evaluate products' security controls against a set of security claims. The set of security claims is grouped per product and is called a protection profile. There are different protection profiles that apply to different products. The profile Ubuntu derives its security requirements is the Operating System Protection Profile (OSPP).


Where is Common Criteria accepted?

Internationally a Common Criteria certification is accepted by members of the CCRA agreement and the EU SOGIS members.


What gets certified in Ubuntu under Common Criteria?

Ubuntu 18.04 LTS and 16.04 LTS have both been evaluated to assurance level EAL2 through CSEC – The Swedish Certification Body for IT Security. The evaluation testing was performed by atsec Information Security. The following table provides a summary of the releases and platforms that have been certified.


Ubuntu version Platform Certification report Additional information
Ubuntu 16.04 LTS x86_64, IBM Power8 and IBM Z 16.04.4 Installation instructions
Ubuntu 18.04 LTS x86_64 and IBM Z 18.04.4 Installation instructions

Contact us