GOVERNMENT

MOUNTAIN VIEW, CA -- SGI (NYSE: SGI) today announced that the National Information Assurance Partnership's (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) has successfully evaluated and validated the SGI® Trusted IRIX(TM) 6.5 operating system with conformance to the National Security Agency Information Systems Security Organizations (ISSO) Labeled Security Protection Profile (LSPP). NIAP CCEVS has also successfully evaluated the SGI® standard IRIX® 6.5 operating system software with conformance to the ISSO's Controlled Access Protection Profile (CAPP) against the International Common Criteria for Information Technology Security Evaluation. Conformance to the LSPP provides confidence to military, government and commercial customers that Trusted IRIX uses strict access controls to information and clearly identifies user roles against unsecured access or activity. The Common Criteria for Information Technology Security Evaluation (or "Common Criteria") is a multinational successor to the previous Department of Defense Trusted Computer System Evaluation Criteria (TCSEC or "Orange Book" criteria). The requirements defined in the LSPP correspond to the TCSEC B1 security level. The requirements defined in the CAPP are consistent with the C2 security level specified by the TCSEC. "SGI Trusted IRIX 6.5 and Standard IRIX 6.5 offer solid commercial-off-the-shelf, secure platforms, providing safeguards against internal and external threats that exceed protections available from other UNIX operating systems," said Casey Schaufler, Trusted Technology manager, SGI. "With their broad base of special and sensitive applications, cross-platform environments, high-performance capabilities, and security, SGI Trusted IRIX 6.5 and standard IRIX 6.5 are now positioned to become the standard, high-end security platforms for both the government and commercial sectors." SGI Trusted IRIX 6.5 is based on standard IRIX 6.5, the fifth-generation 64-bit UNIX® operating system from SGI, and is the most robust and mature UNIX operating system release in the industry. Both Trusted IRIX 6.5 and standard IRIX 6.5 are characterized by a rich set of scalability, big data management and real-time 3D visualization enhancements, as well as middleware features for broader server and workstation deployment. SAICs Center for Information Security Technology Common Criteria Testing Laboratory, a NIAP CCEVS-approved laboratory, conducted the Common Criteria evaluations of the SGI Trusted IRIX and standard IRIX operating systems. "SGI is committed to providing its customers with secure products that have been evaluated by U.S. and international government evaluation programs like the Common Criteria," said Lang Craighill, senior director of federal operations, SGI Federal. "Within SGI Federal, we've seen growing interest in secure operating systems from government customers. The threats posed by today's computing environment of increased connectivity and data sharing cannot be addressed without secure operating systems. If an OS fails, system-wide vulnerabilities result." SGI Trusted IRIX 6.5 provides system integrity and information assurance by addressing three fundamental security areas-policy, accountability and assurance. SGI Trusted IRIX 6.5 now has the B1 security functionality, including the following functions: -- Mandatory access control allows the system administrator to set up policies and accounts that will allow each user to have full access to the files and resources he or she needs, but not to other information and resources not immediately necessary to perform assigned tasks. In addition, access permission cannot be passed from one user to another, as under traditional UNIX systems, which use only discretionary access control. -- Access control lists allow the system administrator to specify on a user-by-user basis those users who may access files and directories. The purpose of this feature is to provide a finer level of control than is allowed through traditional discretionary access control. -- The system audit trail allows the system administrator to keep a precise log of all system activity. The system audit trail provides a means for the system administrator to oversee each important event that takes place on the system, track changes in sensitive files and programs, and identify inappropriate use of the system. -- Identification and authentication allow the system administrator to be certain that the people on the system are authorized users and that private password integrity is maintained to the highest possible levels. -- The capability-based privilege mechanism is utilized to grant particular, controlled privileges to specific functions without granting access to key user accounts. A privilege is determined based on the set of effective capabilities for a given process. -- The object reuse policy precludes accidental disclosure of data, display memory and long-term data storage. For example, all system memory is always cleared automatically before it is allocated to another program. Visit www.sgi.com for more information.