Red Hat Achieves Six FIPS 140-2 Security Certifications on HP Systems

Raleigh

Global, April 26, 2011

Red Hat Enterprise Linux 5 on HP ProLiant Servers Completes Significant U.S. Government Certification Effort

Red Hat Inc. (NYSE: RHT), the world’s leading provider of open source solutions, today announced the completion of six Federal Information Processing Standard (FIPS) 140-2 certifications from the U.S. government’s National Institute of Standards and Technology (NIST). This marks the culmination of one of the largest certification efforts that Red Hat has completed with the U.S. Government.

Information security officials have a mandate to maintain greater control over data and information systems. U.S. Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems) IT-related products must use FIPS-140 certified systems. FIPS 140-2 validation is required by national agencies in Canada and is recognized in Europe and Australia.

“Military and civilian government agencies alike require the highest possible protection for their highly sensitive and valuable data,” said Jim Totton, vice president, Platform Business Unit at Red Hat.  “Undertaking and achieving this significant certification effort illustrates our dedication to building an operating system that is designed to meet the most rigorous security standards in the world. Our work with HP to achieve these certifications represents significant value for government customers, who no longer are required to invest in a separate utility to get FIPS-certified encryption capabilities.”

Red Hat Enterprise Linux 5 on HP ProLiant Servers has achieved the following FIPS 140-2 certifications:
--Kernel Crypto API Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1387
--OpenSwan Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1386
--OpenSSH-Client Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1385
--OpenSSH-Server Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1384
--OpenSSL Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1320
--Libgcrypt Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1305

"Securing data in transit is a critical concern for any agency that provides vital information services over a network," said Tom Hempfield, vice president, Federal Business Organization at HP. "This certification demonstrates HP's long-standing investment in enhancing Red Hat Enterprise Linux security to provide our agency customers with the security they need to manage risk appropriately."

The Secretary of Commerce approves standards and guidelines that are developed by the National Institute of Standards and Technology (NIST) for U.S. Federal computer systems. These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use by the U.S. Government and government contractors. NIST develops FIPS when there are compelling U.S. Government requirements, such as for security and interoperability, and there are no acceptable industry standards or solutions. The FIPS 140 Publication Series coordinates the requirements and standards from cryptography modules for hardware and software, and to achieve FIPS 140-2 validation, cryptographic modules are subjected to rigorous testing by independent, accredited test facilities.

The validation testing was performed by the atsec information security corporation Cryptographic and Security Testing (CST) Laboratory in Austin. atsec is an independent company with longstanding experience in international IT security standards.

Apostol Vassilev, atsec’s CST Lab Manager, stated, "This validation marks an important milestone in that users of Red Hat Enterprise Linux can have confidence that the operating system and the critical services and applications that run on it comply with the full scope of security assurances provided by the FIPS 140-2 standard. We applaud Red Hat and HP for setting a high industry standard for security capabilities and their commitment to these important certifications."

In addition to the completed FIPS 140-2 certifications for Red Hat Enterprise Linux 5, Red Hat is also officially “In Evaluation” for FIPS 140-2 certification of Red Hat Enterprise Linux 6.

For a full list of Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules from NIST, visit http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm.

To learn more about Red Hat’s certifications and accreditations, visit http://www.redhat.com/solutions/government/certifications/.

Additional information about HP’s open source and Linux solutions is available at http://www.hp.com/go/linux.

For more information about Red Hat, visit www.redhat.com.  For more Red Hat news, more often, visit www.press.redhat.com.

About Red Hat, Inc.
Red Hat, the world's leading provider of open source solutions and an S&P 500 company, is headquartered in Raleigh, NC with over 65 offices spanning the globe. CIOs ranked Red Hat as one of the top vendors delivering value in Enterprise Software for seven consecutive years in the CIO Insight Magazine Vendor Value survey. Red Hat provides high-quality, affordable technology with its operating system platform, Red Hat Enterprise Linux, together with virtualization, applications, management and Services Oriented Architecture (SOA) solutions, including Red Hat Enterprise Virtualization and JBoss Enterprise Middleware. Red Hat also offers support, training and consulting services to its customers worldwide. Learn more: http://www.redhat.com.

About atsec information security
atsec information security (www.atsec.com) is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich, Germany in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, and China. atsec's service includes formal laboratory testing and evaluation, independent testing and evaluation as well as information security consultancy.

atsec offers cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada. atsec also offers formal testing under the NIST's PIV Program (NPIVP), Cryptographic Algorithm Validation Program (CAVP), Security Content Automation Protocol Program (SCAP), and product approval testing under the GSA FIPS 201 EP.

atsec works with such leading global companies as Apple, CloudShield, IBM, HP, Honeywell, Patrick Townsend, Quantum Corporation and Red Hat.

Forward-Looking Statements
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to delays or reductions in information technology spending, the integration of acquisitions and the ability to market successfully acquired technologies and products; the ability of the Company to effectively compete; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; the ability to deliver and stimulate demand for new products and technological innovations on a timely basis; risks related to data and information security vulnerabilities; ineffective management of, and control over, the Company's growth and international operations; fluctuations in exchange rates; uncertainty and adverse results in litigation and related settlements, and changes in and a dependence on key personnel, as well as other factors contained in our most recent Quarterly Report on Form 10-Q (copies of which may be accessed through the Securities and Exchange Commission's website at http://www.sec.gov), including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic and political conditions, governmental and public policy changes and the impact of natural disasters such as the earthquakes and related events in Japan . The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of the press release.
###

Red Hat, the Shadowman logo and JBoss are registered trademarks of Red Hat, Inc. in the U.S. and other countries. Linux is a registered trademark of Linus Torvalds.