Overview
For nearly two decades, Red Hat has been helping both public and private entities adapt to changing IT security requirements and concerns by achieving a wide range of security validations for our products in global markets and by providing actionable information for organizations to improve their system security footprint.
Red Hat supports our customers with the tools and guidance they need to comply with sensitive computing requirements and to secure their IT systems.
Some of the standards and certifications Red Hat supports are:
- Common Criteria (CC). CC is an international standard (ISO/IEC 15408) for certifying computer security. CC provides a systematic process for evaluating the security features, ensuring they meet given security requirements before being used in sensitive environments. List of Common Criteria certified products.
- Federal Information Processing Standards 140-2/140-3. FIPS 140-2 and FIPS 140-3 ensure that cryptographic modules implement their cryptographic algorithms properly. Red Hat provides a list of FIPS certificates for its cryptographic modules.
- Secure Technical Implementation Guidelines (STIG). Red Hat offers guidance for customers running systems which must meet the STIG requirements. You can now apply STIG requirements with ease using the automation tools and the scap-security-guide package for security policies.
- FedRAMP. FedRAMP is a variant of the FISMA process for cloud providers and is not a product certification. Red Hat OpenShift Service on AWS is approved for FedRAMP High.
- ISO 27001, 27017, and 27018; SOC 2 Type 2; and PCI DSS. These are some of the most well-known standards for information security management, safeguarding customer data, and cloud security. Achieving these certifications and attestations indicates that our customer data is protected by a robust and compliant security structure that aligns with established industry standards.