Red Hat, Inc., the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux has further solidified itself as a platform of choice for users requiring more secure computing, with Red Hat Enterprise Linux 7.6 achieving Common Criteria Certification as well as Commercial Solutions for Classified (CSfC) Status. These validations show Red Hat’s commitment to supporting customers that use the world’s leading enterprise Linux platform for critical workloads in classified and sensitive deployment scenarios.
Today’s Common Criteria certification and CSfC status for Red Hat Enterprise Linux 7.6 emphasizes our commitment to providing a more secure platform for even the most sensitive and classified workloads across the public and private IT sectors.
For Common Criteria, Red Hat Enterprise Linux 7.6 was certified by the National Information Assurance Partnership (NIAP), with testing and validation completed by Acumen Security, a U.S. government-accredited laboratory. The platform was tested and validated against the Common Criteria Standard for Information Security Evaluation (ISO/IEC 15408) against version 4.2.1 of the NIAP General Purpose Operating System Protection Profile and is the latest Red Hat Enterprise Linux version to appear on the NIAP Product Compliant List.
Additionally, Red Hat Enterprise Linux 7.6 is now an approved TLS Protected Server component for Commercial Solutions for Classified (CSfC) solutions and is included in the CSfC TLS Protected Servers Components List. This program, established by the National Security Agency (NSA), enables commercial products to be used in layered solutions protecting National Security System (NSS) data. More information on CSfC can be found at https://www.nsa.gov/resources/everyone/csfc/.
Previously, Red Hat Enterprise Linux operating systems were certified at EAL4+. The treaty that enables countries to recognize certifications across borders now includes a new Common Criteria Recognition Arrangement that only recognizes up to EAL2. This treaty also rewrote Protection Profiles across products to be very specific about individual product requirements, documentation and testing procedures. It is now expected that a solution either meets the Protection Profile exactly or does not.
In the previous EAL system, the number (EAL2, EAL4, etc.) distinguished the degree of rigor applied to meeting open-ended requirements. This revised certification is designed to be more predictable and better suited to an operating system with frequent minor releases like Red Hat Enterprise Linux, with future platform certifications intended to be aligned with this certification method.
Red Hat seeks to make the latest platform innovations meet the most stringent requirements for critical IT infrastructure. Red Hat Enterprise Linux 8.1 is now officially "In Evaluation" for Common Criteria certification as well.
Paul Smith, senior vice president and general manager, Public Sector, Red Hat
"The operating system forms the heart of secure enterprise computing, from national security needs to critical biomedical research. Today’s Common Criteria certification and CSfC status for Red Hat Enterprise Linux 7.6 emphasizes our commitment to providing a more secure platform for even the most sensitive and classified workloads across the public and private IT sectors. "
Ashit Vora, vice president, Acumen Security
"Acumen Security congratulates Red Hat on the successful NIAP Common Criteria certification of Red Hat Enterprise Linux 7.6. This rigorous security evaluation against stringent requirements identified by the National Security Agency under the global Common Criteria Certification Standard demonstrates and confirms Red Hat’s commitment to make CC certified versions of Red Hat Enterprise Linux available to security conscious customers such as the national security-related agencies, finance and healthcare verticals. We are honored that Red Hat selected Acumen Security as their security certification partner to achieve this significant milestone that few other operating system vendors in the industry have accomplished. "
About Red Hat
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements. The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company or its parent International Business Machines Corporation (NYSE:IBM) may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of this press release.
Red Hat, Red Hat Enterprise Linux, the Red Hat logo, JBoss, Ansible, Ceph, CloudForms, Gluster and OpenShift are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. The OpenStack Word Mark is either a registered trademark/service mark or trademark/service mark of the OpenStack Foundation, in the United States and other countries, and is used with the OpenStack Foundation's permission. Red Hat is not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.