“With this COTS GP-OSPP foundation, we expect that evaluating Linux products under similar PPs, like the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) General Purpose Operating System Protection Profile (BSI GP-OSPP) can also be undertaken”
Well, I would stick with the old TCSEC rules, with a few adjustments, whatever the stricter of the two policies is.
Here comes the Apple gig …
And here comes the Microsoft gig …
‘But’ they forget to mention (maybe intentionally, counter information,) the VPRO ARM32 and VNC remote control system built in, and the ‘interesting’ technology of TPM 2.0 with ‘remote’ firmware control, which in the ‘new designs’ could probably ‘downgrade’ a regular Intel non-VPRO into a VPRO one (apparently the characteristics are common to all newer Intel, just ‘not activated’ unless you pay them 50 bucks, or unless ‘they’ decide it is worth spying on you.)
So my take for PC compatibles is: Intel and TPM 2.0, good only for counterinformation or honeypots, D0, unsafe even if disconnected from network or turned off, TPM 1.x (in this case it is possible to enable/disable from firmware,) only running open non-proprietary system self installed, only with hard disks pre-2005, and not over C1, anything over C1 on hardware pre TPM age, only disconnected from public networks, very strong cipher always ‘offline’ for public networks, on 1980 simple single task single user machines, pre DOS, pre networks age. 😉
For the others, I would stop at Apple pre-Intel and Windows pre-XP, but only running in virtual machines, with no network access.