Red Hat Enterprise Linux 7 in evaluation for Common Criteria certification
June 19, 2014
Red Hat U.S. Public Sector team

Security is a crucial component of the technology Red Hat provides for its customers and partners, especially those who operate in sensitive environments, including the military.
Given that importance, we are excited to announce that BSI, Germany's federal office for information security, is currently evaluating Red Hat Enterprise Linux 7 for Common Criteria certification, and we’re honored to be working with our hardware partners to certify Red Hat Enterprise Linux 7 on their products. The Common Criteria is an internationally recognized set of standards used by the federal government and other organizations to assess the security and assurance of technology products. This will be Red Hat’s 16th Common Criteria Certification, reinforcing our commitment to comply with and surpass public sector security standards.
In the Common Criteria scheme, the Evaluation Assurance Level (EAL) represents the depth and rigor of the evaluation, giving consumers the confidence that products certified at a specific level meet the package of security assurance requirements associated with that level. Red Hat Enterprise Linux 7 has been submitted for Common Criteria at EAL 4+, the highest level of assurance for an unmodified commercial operating system. The submission is for both Operating System Protection Profile (OSPP) v3.9 and v2.0 including Advanced Management, Labeled Security, and Enhanced Identity and Authentication extended modules.
The current certification is aiming to achieve two goals. The first is to meet OSPP v3.9 exactly as the National Information Assurance Partnership (NIAP) defined it, helping U.S. government agencies to meet this requirement. The second goal is to certify under OSPP v2.0 at EAL4+, including all capabilities previously certified to the base operating system on Red Hat Enterprise Linux 6, but without the Advanced Audit extended module.
The security function requirements under OSPP v2.0 will enable Security-Enhanced Linux’s (SELinux's) Multi-Level Security (MLS) and Role Based Access Control (RBAC) capabilities to be certified. Additionally, Red Hat will include System Security Services Daemon (SSSD) to authenticate users against remote servers demonstrating enterprise level user management. This will be done in both OSPP v3.9 as NIAP defined it and using the Enhanced Identity and Authentication extended module under OSPP v2.0.
This certification, in tandem with forthcoming FIPS 140-2 and cryptography certification for Red Hat Enterprise Linux 7, will provide users with further confidence that Red Hat Enterprise Linux 7 will meet or exceed government security requirements. The FIPS-140 certifications will include all the updated requirements that NIST has levied such as a new Deterministic Random Bit Generator (DRBG) as specified in SP 800-90a; an updated RSA key generation technique as specified in FIPS 186-4; and updated key sizes and algorithms as specified in SP 800-131a. Red Hat’s current FIPS work will contain all of its previously certified crypto modules and increase the scope to include gnutls and its crypto library, libnettle.
Red Hat encourages customers and partners to visit https://www.bsi.bund.de/EN/Topics/Certification/incertification.html and reference certification BSI-DSZ-CC-0949 to verify the evaluation of Red Hat Enterprise Linux 7 for Common Criteria Certification.
You can find out more about our sustained commitment to Common Criteria and other security certifications at http://www.redhat.com/security and http://www.redhat.com/solutions/government/certifications/.