Menu
Become a Client

SUSE Earns Highest Level Accreditation for its SLES Linux Distribution, Doubles Down on Security

The News: SUSE has earned the highest level accreditation for its flagship SLES Linux distribution. Announced this week, the Common Criteria EAL 4+ certification for the SUSE Linux Enterprise Server (SLES) 15 SP2 is now EAL 4+ level certified for IBM Z, Arm, and x86-64 architectures, signifying compliance with the most demanding security requirements for mission critical infrastructure. Read the full press release from SUSE here.

SUSE Earns Highest Level Accreditation for its SLES Linux Distribution, Doubles Down on Security

Analyst Take: The news that SUSE has earned the highest level accreditation for its SLES Linux distribution was welcome news. With the daily headlines filled with high profile hacking attacks, and the reality that ransomware is focused on critical infrastructure, security has never been more of a hot button issue. Against this backdrop, the announcement by SUSE concerning the security certification for the company’s SLES Linux distribution is incredibly timely.

What is Common Criteria?

Common Criteria (CC) is an international set of guidelines with 17 certificate authorizing member nations and 14 certificate consuming countries that provide specifications developed for evaluating information security products. These specifications are specifically designed to ensure they meet an agreed-upon security standard for government deployments. Given the provenance and widespread adoption of these specifications, many security focused organizations in Finance, Telco, Retail, and those focused on securing personally identifiable information (PII) use these specifications as a way to evaluate solutions

The Common Criteria specifications are broken into two areas: Protection Profiles and Evaluation Assurance Levels. A Protection Profile (PPro) defines a standard set of security requirements for a specific type of product. The Evaluation Assurance Level (EAL) specification defines the thoroughness of product testing.

Evaluation Assurance Levels range from 1-7, with seven being the highest-level of evaluation. Despite what you may think, a higher evaluation level does not mean the product has a higher level of security, only that the product went through more tests. The graphic below provides a quick overview of the EAL levels:

overview of the EAL levels
Image Credit: Common Criteria

In order to submit a solution for evaluation, the submitting vendor must complete a Security Target (ST) description. This vendor submission includes an overview of the product and the product’s security features, along with the vendor’s self-assessment detailing how the product is designed to conform to the relevant Protection Profile at the EAL the vendor chooses to be tested against. Following the vendor submission, the next step is for the laboratory to test the product to verify the product’s security features. The results of a successful evaluation form the basis for an official certification of the product.

In a Strategic Move, SUSE Doubling Down on Security is Smart

This is without question an indicator that SUSE is doubling down on security — which is smart strategy. As more and more organizations deploy Linux into mission critical environments, and UNIX deployments correspondingly decrease, the need for highly secure operating systems is becoming more prevalent. Against this backdrop, it is somewhat surprising that SUSE is currently the only provider of a general purpose Linux operating system with a secure software supply chain that is certified Common Criteria EAL 4+ for the IBM Z, Arm and x86-64 architectures given how prevalent these platforms are in governments and financial services organizations. Given their market leadership, it will be interesting to see when Red Hat receives this same certification.

Commenting on the announcement, Thomas Di Giacomo, SUSE Chief Technology and Product Officer said, “In today’s age of advanced hacking and service disruption, Common Criteria EAL 4+ level certification for SLES provides confidence to critical service providers such as governments, finance and banking companies, healthcare organizations, water and power companies, telecommunications providers, and others innovating at the edge.”

SUSE Linux Enterprise Server 15 SP2 was also certified by BSI, Germany’s Federal Office for Information Security, full details of that certification can be found here.

The Significance of SUSE’s EAL Certification

As vendors look to increase the security posture of their offerings and solutions, I expect to see a stronger focus on industry standards and specifications such as EAL as these independent specifications allow customers to make purchasing decisions based on independent verification. While the Common Criteria evaluation criteria are not a hard and fast insurance policy, they do form a basis for vendor evaluations and would form the basis for a series of questions in any Request For Information or Request For Proposal.

As deployment models become more fragmented — with solutions spanning IoT, edge, on-premises datacenter and increasingly hybrid and public cloud models — customers need a way to evaluate solutions and make informed decisions. Approaches such as Common Criteria and EAL address this requirement and will therefore become a key part of how vendors start to describe their offerings to potential customers.

SUSE taking a leadership position in certifying the ARM, IBM Z & LinuxONE and Intel x86-64 platforms is good for the Linux market as a whole, as it will force vendors such as Red Hat with RHEL and Canonical with Ubuntu to follow suit. I would expect these vendors to not be far behind in getting their Linux distributions certified. However, if Red Hat and Canonical do delay in getting their distributions certified, I would expect to see SUSE leverage their first mover advantage to drive further adoption in customer segments that will be focused on EAL ratings.

Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Other insights from Futurum Research:

Salesforce Rolls Out Its Slack-First Customer 360 Strategy 

With The Argus System, Microsoft Research And Collaborators Seek To Leverage Ethereum To Prevent Piracy

Qualcomm Spoke Partnership Brings C-V2X To Bicycles, Expands Smart Transportation Safety Ecosystem

Image Credit: Linux and Mainframe

Author Information

Steven engages with the world’s largest technology brands to explore new operating models and how they drive innovation and competitive edge.

Related Insights
OpenAI Frontier Close the Enterprise AI Opportunity Gap—or Widen It
February 9, 2026
 

OpenAI Frontier: Close the Enterprise AI Opportunity Gap—or Widen It?

Futurum Research Analysts Mitch Ashley, Keith Kirkpatrick, Fernando Montenegro, Nick Patience, and Brad Shimmin examine OpenAI Frontier and whether enterprise AI agents can finally move from pilots to production. The...
Mitch Ashley
Fernando Montenegro
Brad Shimmin
 & 
Commvault Introduces Geo Shield. Can One Platform Meet Sovereign Needs?
February 9, 2026
 

Commvault Introduces Geo Shield. Can One Platform Meet Sovereign Needs?

Fernando Montenegro, VP & Practice Lead for Cybersecurity & Resilience at Futurum, examines Commvault Geo Shield and its focus on sovereign deployment models that retain control over data location, operations,...
Fernando Montenegro
Is 2026 the Turning Point for Industrial-Scale Agentic AI?
February 5, 2026
 

Is 2026 the Turning Point for Industrial-Scale Agentic AI?

VP and Practice Lead Fernando Montenegro shares insights from the Cisco AI Summit 2026, where leaders from the major AI ecosystem providers gathered to discuss bridging the AI ROI gap...
Fernando Montenegro
Cisco’s "End of Gold": A High-Stakes Pivot to Skills-First Architecture
February 3, 2026
 

Cisco’s “End of Gold”: A High-Stakes Pivot to Skills-First Architecture

Tiffani Bova, Chief Strategy and Research Officer at The Futurum Group, examines Cisco’s 360 Partner Program and how its redesigned incentives, designations, and tools aim to align partner profitability with...
Tiffani Bova
ServiceNow Q4 FY 2025 Earnings Highlight AI Platform Momentum
January 30, 2026
 

ServiceNow Q4 FY 2025 Earnings Highlight AI Platform Momentum

Futurum Research analyzes ServiceNow’s Q4 FY 2025 results, highlighting AI agent monetization, platform consolidation in CRM/CPQ, and a security stack aimed at scaling agentic AI across governed workflows heading into...
Futurum Research
Microsoft Q2 FY 2026 Cloud Surpasses $50B; Azure Up 38% CC
January 30, 2026
 

Microsoft Q2 FY 2026: Cloud Surpasses $50B; Azure Up 38% CC

Futurum Research analyzes Microsoft’s Q2 FY 2026 earnings, highlighting AI-led cloud demand, agent platform traction, and Copilot adoption amid record capex and a substantially expanded commercial backlog....
Futurum Research

Welcome to The Futurum Group

Login to The Futurum Group
Login to Futurum Intelligence Platform
Login to Futurum Labs Research Library

Book a Demo

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.