Red Hat Enterprise Linux 6 Secure-Ready for Government Clouds with Common Criteria Certification

Red Hat Enterprise Linux 6, including the KVM hypervisor, has been awarded a major security certification used by IT in government, financial and other mission-critical verticals. By receiving the Common Criteria Certification at Evaluation Assurance Level (EAL) 4+, which is the highest level of assurance for an unmodified commercial operating system, Red Hat can assure public sector customers looking at cloud and virtualization will meet a range of important security assurance requirements.

Tags: cloud, Common Criteria, Dell, EAL, HP, IBM, ISO, KVM, Linux, Red Hat, virtualization,

cloudcon_imagemsRed Hat Enterprise Linux 6, including the KVM hypervisor, has been awarded a major security certification used by IT in government, financial and other mission-critical verticals. By receiving the Common Criteria Certification at Evaluation Assurance Level (EAL) 4+, which is the highest level of assurance for an unmodified commercial operating system, Red Hat can assure public sector customers looking at cloud and virtualization will meet a range of important security assurance requirements.

Notably, Red Hat Enterprise Linux 6 features Security-Enhanced Linux (SELinux), a joint project developed with the National Security Agency (NSA). The certification provides assurance that using Red Hat Enterprise Linux 6 with the KVM hypervisor allows providers to host many tenants on the same machine while keeping their virtual guests separated from each other using Mandatory Access Control technology developed by the NSA, according to Paul Smith, Red Hat’s vice president and general manager for public sector operations.

Red Hat also worked extensively with Dell, HP, IBM and SGI to certify Red Hat Enterprise Linux 6 to achieve Common Criteria Certification for a wide variety of hardware from these manufacturers.

One of Red Hat’s top cloud security experts told IDN that the certification for Red Hat Enterprise Linux 6 will provide strong value to IT execs in government, financial services and other mission-critical sectors who have been looking for better security before committing to cloud and virtualization projects.

"Red Hat Enterprise Linux 6's Common Criteria certification allows public sector customers to shorten certification and accreditation times,” David Egts, a principal architect for Red Hat’s U.S. Public Sector unit told IDN. “As they increase their adoption of cloud computing and  virtualized infrastructure, this certification allows customers to have a common cybersecurity posture whether they use Red Hat Enterprise Linux  on multi-vendor bare metal, as a guest, and as a hypervisor in  virtualized or cloud infrastructures. No longer do they have to choose  between open source innovation and security compliance -- now they get
both as a standard part of Red Hat Enterprise Linux 6."

"Red Hat Enterprise Linux 6's Common Criteria certification allows public sector customers to shorten certification and accreditation times”

David Egts
principal architect
U.S. public sector unit
Red Hat


Red Hat’s Smith added that the latest Common Criteria certification is the 15th for Red Hat Enterprise Linux, marking a long tradition of commitment to security. “We’ve been deeply committed to security certifications so that customers can confidently turn to Red Hat for the expertise to deploy open source solutions at maximum security levels, and our work with Dell, HP, IBM and SGI on this certification reinforces that government customers can run Red Hat Enterprise Linux with confidence on a wide variety of hardware from many of the industry’s top providers,” Smith said in a statement.

To be technically precise, Red Hat Enterprise Linux 6 received Common Criteria Certification at EAL 4+, the highest level of assurance for an unmodified commercial operating system, for the Operating System Protection Profile (OSPP). The certification also includes Red Hat’s extended modules for Advanced Management, Advanced Audit, Labeled Security, and Virtualization. The certification is good for Red Hat Enterprise Linux 6 running on hardware from Dell, HP, IBM and SGI.

Earlier, Red Hat Enterprise Linux 6 was certified by Germany's Federal Office for Information Security (known as BSI). To facilitate this certification, Red Hat worked with atsec information security, a U.S. government and BSI accredited laboratory, which tested and validated the security, performance and reliability of the solution against the Common Criteria Standard for Information Security Evaluation (ISO/IEC 15408) at EAL4+.

Red Hat’s hardware partners were equally excited about Red Hat Enterprise Linux 6 receiving Common Criteria certification. “With Red Hat earning common criteria security certification, Dell’s government customers can now meet the stringent security requirements needed to help organizations protect their security sensitive environments while still delivering business results,” Tim Mattox, Dell’s vice president for enterprise product marketing said in a statement.

At HP, the sentiment was similar.  “To accomplish their missions, federal agencies rely on computer systems that deliver a high level of security and reliability. This certification of the entire HP ProLiant product line demonstrates HP’s commitment to helping Red Hat Enterprise Linux meet the risk management needs of their agency clients” according to Tom Hempfield, vice president of HP’s federal business organization.

The Common Criteria is an internationally recognized set of standards used by the federal government and other organizations to assess the security and assurance of technology products. In the Common Criteria scheme, EAL represents the depth and rigor of the evaluation, giving consumers the confidence that products specified at a specific level meet the package of security assurance requirements associated with that level, according to Red Hat.

 




back

Share
Go