This page is fully or partially automatically translated.

Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Header of SUSE Software Solutions Germany GmbH
Forums it-sa Expo 2023 Knowledge Forum E

SUSE Compliance & Supply Chain Security

NIS-2 obliges companies to better protect their supply chains. Standards like Common Criteria EAL 4+ are therefore more valuable than ever.

calendar_today Tue, 10.10.2023, 13:30 - 13:45

event_available On site

place Knowledge Forum E

Action Video


Action description





Cloud Security Data protection / GDPR Governance, Riskmanagement and Compliance

Key Facts

  • Legal certainty with NIS-2 through Common Criteria EAL 4+
  • Proven protection of the entire supply chain
  • "Certify once, use many" approach for end-to-end security


This action is part of the event Forums it-sa Expo 2023

Action Video

grafischer Background

This video is available to the it-sa 365 community. 
Please register or log in with your login data.

Action description

The countdown for NIS-2 is on: By 17 October 2024 at the latest, the new EU directive on network and information security must be transposed into national law. NIS-2 not only expands the circle of affected companies and public institutions - by up to 100,000 additional organisations across Europe - but also tightens the prescribed protective measures. Among other things, possible security risks in supply chains and supplier relationships come more into focus. As a result, NIS-2 also has an impact on a great many other companies.

To ensure the security of their supply chains, CRITIS operators must take into account "the specific vulnerabilities of each immediate supplier and service provider, as well as the overall quality of the products and cybersecurity practices of their suppliers and service providers, including the security of their development processes" - according to the current draft of the NIS-2 Implementation Act (NIS2UmsuCG). Supply chain risks thus become compliance risks for the organisations concerned. 

In this presentation, Knut Trepte shows how companies can prepare for the requirements of NIS-2 in good time - and what role certifications such as Common Criteria EAL 4+ play in this. Using SUSE Linux Enterprise Server (SLES) as an example, he explains what the use of a certified operating system means for legal liability.

The Common Criteria for Information Technology Security Evaluation, or Common Criteria for short, make it possible to evaluate the security of IT products according to general criteria. The internationally recognised standard defines seven trustworthiness levels, which contain increasing requirements for the testing and evaluation of a product.

SUSE Linux Enterprise Server received Common Criteria EAL 4+ certification from the German Federal Office for Information Security (BSI) in 2021. This was based on a comprehensive evaluation of the product and all development and security update processes by atsec information security and BSI officials. The Evaluation Assurance Level 4 augmented by ALC_FLR.3 (EAL 4+) confirms that SLES meets the highest security requirements for the product and the entire supply chain for mission-critical infrastructures - on x86-64 as well as on IBM Z and Arm architectures. This makes SUSE currently the only vendor of a current general purpose operating system that is Common Criteria EAL 4+ certified for all these platforms.

Against the background of the NIS-2 regulations, this certification is an enormous advantage for companies using SLES: They can rest assured that the development and production processes of their operating system have been evaluated by an independent body. This significantly reduces legal liability, as the security of the software supply chain can be considered to have been audited by the German Federal Office for Information Security (BSI).

In addition to Common Criteria EAL 4+ certification, SLES also meets the requirements of other national and international security standards. These include FIPS 140-2/3 for encrypted communications and data storage, the Google SLSA standard for secure supply chains, and security certifications from Spain's Centro Criptológico National (CCN) and South Korea's Telecommunications Technology Association (TTA).

SUSE follows the principle of "certify once, use many" when certifying its operating system products. This means that the certified security and standards of SLES are also transferred to SLE Micro and SLE BCI (Base Container Images) through the common code base. This makes it easier for companies to meet compliance requirements for their entire IT. 

For more information on SUSE's certifications, click here:

... read more

Language: German

Questions and Answers: No


show more

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.