Certifications and accreditations

Red Hat® open source software is secure, stable, and easily used in security-sensitive environments. Our products are certified for government use and easily accredited by the appropriate authorities. We work closely with US government customers and security specialists to make sure of it.

Red Hat Enterprise Linux—the most certified operating system available

It's true. Through its history, Red Hat Enterprise Linux® has passed the Common Criteria process 13 times on 4 different hardware platforms. Red Hat Enterprise Linux 5 has even received Common Criteria certification at Enterprise Assurance Level 4 (EAL4+) under the:

  • Controlled Access Protection Profile (CAPP)
  • Label Security Protection Profile (LSPP)
  • Role-Based Access Control Protection Profile (RBACPP)

What does this mean for your agency? Red Hat Enterprise Linux provides a level of security and a feature set that was previously unheard-of from a mainstream operating system.

JBoss certifications

Our JBoss® Enterprise Middleware solutions include support for common middleware security standards. And both the JBoss Enterprise Application Platform and MetaMatrix Data Services Platform are Common Criteria-certified at EAL2+.

See a complete matrix of the Red Hat products and standards at the bottom of this page. We also offer a number of services to help our government customers meet their requirements.

Red Hat mailing lists

US government and contractors may be interested in the Red Hat Government Security mailing list, a moderated forum for Red Hat users in the information assurance and certification and accreditation community.

Red Hat security training and certifications

Red Hat provides a number of security-specific courses and a formal certification program for systems engineers working in the security field.

Security and hardening resources

Looking for the most secure Red Hat Enterprise Linux installation possible? Get valuable guidance:

Certification and accreditation tables

We're excited to announce that Red Hat has entered into an agreement with atsec information security to certify Red Hat Enterprise Linux 6 under Common Criteria at EAL4+. This will include certifying the Kernel-based Virtual Machine (KVM) hypervisor on both Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.

Red Hat Enterprise Linux (RHEL)

Common Criteria EAL 3+/CAPP
  • RHEL 4: HP (report, target), SGI (report, target), Unisys (report, target)
  • RHEL 5: -
  • RHEL 6: -

Common Criteria EAL 4+/CAPP
  • RHEL 4: IBM (report, target)
  • RHEL 5: -
  • RHEL 6: -

Common Criteria EAL 4+/CAPP/RBACPP/LSPP
  • RHEL 4: -
  • RHEL 5: Dell (report, target), HP (report, target), IBM (report, target), SGI (report, target)
  • RHEL 6: -

In evaluation for Common Criteria
  • RHEL 4: -
  • RHEL 5: BSI-DSZ-CC-0724, includes virtualization
  • RHEL 6: BSI-DSZ-CC-0754, includes virtualization

Directorate of Central Intelligence Directive (DCID) 6/3: PL3+. See your Red Hat account manager for more details and sign up for the gov-sec mailing list.

DISA Security Technical Implementation Guides (STIG): There are many options for meeting the STIG requirements. See your Red Hat account manager for more details and sign up for the gov-sec mailing list.

FIPS 140-2: NSS (Cert. #814, #815, #1293, #1280). The following modules are in evaluation:
  • kernel crypto API
  • libgcrypt
  • openswan
  • OpenSSH Client
  • OpenSSH Server
  • OpenSSL

OVAL: See the Red Hat Security OVAL Webpage

NISPOM Chapter 8: See NISPOM Chapter 8 Knowledge Base Article

Section 508 Accessibility: VPAT for RHEL 4, VPAT for RHEL 5, VPAT for RHEL 6

Red Hat identity and management products

Common Criteria EAL 4+
  • Red Hat Certificate System: EAL4+
  • Red Hat Network Satellite Server 5: -

Section 508 Accessibility
  • Red Hat Certificate System: -
  • Red Hat Network Satellite Server 5: VPAT for RHN Satellite Server 5

JBoss middleware

Common Criteria EAL 2 augmented by ALC_FLR.3
  • MetaMatrix Data Services Platform v5.5.3: EAL2
  • JBoss Enterprise Application Platform (EAP) v4.3: EAL2