RALEIGH, N.C. - —
Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.1 has received nine Federal Information Processing Standard (FIPS) 140-2 security certifications from the U.S. federal government’s National Institute of Standards and Practices (NIST). These certifications, achieved in 2016, emphasize Red Hat’s focus on delivering a more secure foundation for mission-critical systems, building upon Red Hat Enterprise Linux 7.1’s recent achievement of a Common Criteria security certification at Evaluation Assurance Level (EAL) 4+ as the first certified operating system to offer Linux Container Framework Support.
Red Hat understands the varied IT security needs of these organizations, and Red Hat Enterprise Linux’s FIPS 140-2 and Common Criteria EAL4+ certifications provide continued support of our commitment to deliver a highly-secure operating system for environments that require the strictest of protections.
The FIPS 140-2 certification program is a joint initiative between the U.S.-based National Institute for Standards and Technology (NIST) and the Communications Security Establishment (CSE) for the Government of Canada. This internationally recognized certification is mandated by national agencies in the U.S. and Canada and recognized in Europe and Australia. Information systems based on Red Hat Enterprise Linux 7 now have greater assurance that native cryptographic security systems, such as those used to encrypt data and provide more secure communications, have been formally evaluated to meet international cryptography standards.
Red Hat Enterprise Linux 7.1 has achieved FIPS 140-2 certification for the following modules:
The certified Red Hat Enterprise Linux 7.1 modules retain FIPS 140-2 certification when running on these hardware configurations:
HPE ProLiant DL380p Gen8 with PAA
HPE ProLiant DL380p Gen8 without PAA
IBM Power8 Little Endian 8286-41A
IBM z13 (single-user mode)
The U.S. Secretary of Commerce approves standards and guidelines that are developed by NIST for U.S. federal information systems. The FIPS 140 Publication Series coordinates the requirements and standards from cryptographic modules for hardware and software, and in order to achieve FIPS 140-2 validation, cryptographic modules are subjected to rigorous testing by independent, accredited test facilities.
The validation testing for today’s announcement was performed by atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. atsec is an independent company with long-standing experience in international IT security standards.
Paul Smith, vice president and general manager, Red Hat
“Protecting highly-sensitive data, from employee and customer financial data to national security details, is a critical need for modern IT departments, particularly those operating in the public sector. Red Hat understands the varied IT security needs of these organizations, and Red Hat Enterprise Linux’s FIPS 140-2 and Common Criteria EAL4+ certifications provide continued support of our commitment to deliver a highly-secure operating system for environments that require the strictest of protections.”
Yi Mao, manager, Cryptographic Security Test Laboratory, atsec information security
“Red Hat endeavors to keep assurances by having a third party lab working with them to perform code inspection and independent testing against rigorous standards in cryptography as well as product security. It has been a dramatic effort for Red Hat to take their stack of cryptographic libraries running on the operating system RHEL 7.1 through FIPS 140-2 validation. Their pursuit for greater security is demonstrated in the wide validation scope and deep understanding of security requirements, and we are honored to be Red Hat’s chosen lab for these FIPS 140-2 certifications and applaud their achievement.”