Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.1 has been awarded the Common Criteria Certification at Evaluation Assurance Level (EAL) 4+ for an unmodified commercial operating system under the Operating System Protection Profile (OSPP). This marks the first time that an operating system has been Common Criteria-certified with Linux Container Framework Support, further demonstrating Red Hat Enterprise Linux 7’s ability to provide hardened and more secure IT innovations like Linux containers.
Not only does the Common Criteria certification demonstrate that Red Hat Enterprise Linux offers industry-leading security features, this achievement also marks our flagship operating system as the first to bring a framework for Linux container technology into the world of more secure, certified computing.
The Common Criteria is an internationally recognized set of standards used by the federal government and other organizations to assess the security and assurance of technology products. In the Common Criteria scheme, EAL represents the depth and rigor of the evaluation, giving consumers the confidence that products specified at a specific level meet the package of security assurance requirements associated with that level. This certification provides government agencies, financial institutions, and customers in other security-sensitive environments the assurance that Red Hat Enterprise Linux 7.1 meets clear, specific security standards used by the federal government.
In addition to Linux Container Framework Support, Red Hat Enterprise Linux 7 has also been certified to include functionality for:
Advanced Management (MLS mode only)
Labeled Security (MLS mode only)
Runtime protection against programming errors, encompassing address space layout randomization (ASLR), stack smashing protector strong and others
Packet Filter
This combined functionality makes Red Hat Enterprise Linux 7 the most secure platform that Red Hat has ever certified via Common Criteria.
Certified configurations from Red Hat Partners include:
Dell EMC
Dell EMC PowerEdge R530, R630, R730, R730xd, R920, and R930
Dell EMC PowerEdge T430 and T630
Dell EMC PowerEdge M630 and M830
Dell EMC PowerEdge FC430, FC630 and FC830
Dell EMC PowerEdge C6320
Dell Precision Rack 7910 Workstation
Hewlett Packard Enterprise (HPE)
HPE based on x86 64bit Intel Xeon processors:
HPE ProLiant ML series G7, Gen8, Gen9 product line
HPE ProLiant DL series G7, Gen8, Gen9 product line
HPE ProLiant BL series G7, Gen8, Gen9 product line
HPE ProLiant SL series G7, Gen8, Gen9 product line
HPE based on AMD64 processors:
HPE ProLiant ML series G7, Gen8 product line
HPE ProLiant DL series G7, Gen8 product line
IBM
IBM System p based on Power 8 processors providing execution environments with PowerVM:
Big Endian with PowerVM: Tuleta BE model number - Power 835 model 8286-41A
Little Endian with Red Hat Virtualization for Power 3.6: Power 835 model 8284-22A
IBM System z based on z/Architecture processors:
zEnterprise EC12 (zEC12)
zEnterprise BC12 (zBC12)
zEnterprise 196 (z196)
zEnterprise 114 (z114)
Red Hat Enterprise Linux 7.1 was certified by BSI, Germany's Federal Office for Information Security. To facilitate this certification, Red Hat worked with atsec information security corporation, a U.S. government and BSI accredited laboratory, which tested and validated the security, performance and reliability of the solution against the Common Criteria Standard for Information Security Evaluation (ISO/IEC 15408) at EAL4+.
Supporting Quotes
Paul Smith, vice president and general manager, Public Sector, Red Hat
“As the world’s leading enterprise Linux platform, Red Hat Enterprise Linux powers some of the world's most complex, critical and highly-secure systems, from financial markets to military communications networks. Not only does the Common Criteria certification demonstrate that Red Hat Enterprise Linux offers industry-leading security features, this achievement also marks our flagship operating system as the first to bring a framework for Linux container technology into the world of more secure, certified computing.”
Helmut Kurth, vice president and chief scientist, atsec information security corp.
“atsec has been working with Red Hat and the Linux community for many years to improve the security of the Linux Operating System. Throughout the many evaluations of Red Hat Enterprise Linux we pushed for enhancements of the security of this operating system and we are proud that this effort helped to create one of the most secure operating systems for critical applications that exists today.”
Scott Farrand, vice president, Platform Software, Hewlett Packard Enterprise
“Security is a constant concern for government, financial, and other security-sensitive customers. Achieving the EAL 4+ certification across the entire line of HPE ProLiant servers with Red Hat Enterprise Linux ensures our customers meet stringent government security standards.”
Jim Wasko, vice president, Open Systems, IBM
"The Red Hat Common Criteria Certification provides enterprise level security validation for large scale IBM Power and Z Systems computing environments leveraging open source solutions. As clients choose open source capabilities to achieve greater flexibility in their cloud environments, they can have confidence in the security offered by Red Hat's Linux Operating System."
- About Red Hat
Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to provide reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As a connective hub in a global network of enterprises, partners, and open source communities, Red Hat helps create relevant, innovative technologies that liberate resources for growth and prepare customers for the future of IT. Learn more at http://www.redhat.com.
- Forward-Looking Statements
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to the ability of the Company to compete effectively; the ability to deliver and stimulate demand for new products and technological innovations on a timely basis; delays or reductions in information technology spending; the integration of acquisitions and the ability to market successfully acquired technologies and products; the effects of industry consolidation; uncertainty and adverse results in litigation and related settlements; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; risks related to data and information security vulnerabilities; ineffective management of, and control over, the Company's growth and international operations; fluctuations in exchange rates; and changes in and a dependence on key personnel, as well as other factors contained in our most recent Annual Report on Form 10-K (copies of which may be accessed through the Securities and Exchange Commission's website at http://www.sec.gov), including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic and political conditions, governmental and public policy changes and the impact of natural disasters such as earthquakes and floods. The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of this press release.