From FIPS 140-3 to Common Criteria to DISA STIGs, Red Hat is constantly pursuing the next iteration of compliance for our customers. Red Hat’s mission has long been to bring community innovation to enterprise organizations, packaged in a hardened, production-ready form. This isn’t just about packaging and testing, however; we take extra steps to bring these emerging capabilities in line with some of the most stringent secure computing standards and requirements in the world. Innovation by itself isn’t enough for public sector agencies or the companies that serve these organizations. Instead, open innovation must be paired with a proven commitment to driving security-enhanced computing.
This isn’t a one-off effort for Red Hat, nor do we only pursue a single validation at a time. We consider standards compliance as a continuum, with dozens of efforts in flight at any given time. These pursuits take months, if not years, to achieve, especially as platforms grow in complexity and scope. With so many compliance efforts active, we wanted to provide a snapshot of some of these key projects to highlight our continued commitment to enabling secure, compliant computing in the public sector.
Common Criteria
A globally accepted standard, Common Criteria provides assurance that the processes around an IT product, from vendor claims to testing, prove that it truly does meet the needs of security-conscious computing. Red Hat Enterprise Linux (RHEL), the world’s leading enterprise Linux platform, forms the foundation of our Common Criteria efforts. Both RHEL 8.6 and RHEL 9.0 are now certified for Common Criteria, and are posted on the NIAP Product Compliant List. We are currently in the process of planning the next RHEL release to receive Common Criteria certification. We are also extending the hardware platforms that we use for Common Criteria validation by adding IBM Z15 to our RHEL 8.6 certification and IBM Z16 and IBM Power 10 for RHEL 9.0 certification.
Federal Information Processing Standards (FIPS)
FIPS 140-2 and 140-3 provide validation that the cryptographic tools in a given piece of software are implementing their respective algorithms properly. Because many Red Hat products use the same cryptographic binaries, a single certification can carry through to other Red Hat products and product versions with an unmodified binary. Given the wide range of choices that our customers have with RHEL, we will continue to submit versions of both RHEL 8 and RHEL 9 for FIPS review.
For RHEL 8, we also remain committed to both FIPS 140-2 and FIPS 140-3 evaluations, as FIPS 140-2 will continue to be viable until September 21, 2026. The RHEL 8.6 OpenSSL certificate has been issued, and IBM z15, IBM Power 9 and IBM Power 10 have been added as validated hardware for RHEL 8 FIPS certifications. We plan to continue with RHEL 8.8 for FIPS evaluation in the near future, including an update of the RHEL 8.6 OpenSSL module.
With RHEL 9, we are focusing on FIPS 140-3. RHEL 9.0 is on the Modules In Process list, while RHEL 9.2 is either on the Implementation Under Test list or submitted and already on the Modules In Process list.
USGv6
USGv6 is the National Institute of Standards and Technology cross-agency effort to provide underlying processes, tools, measurement and more for IPv6 adoption in the U.S. federal government. Even though IPv6 is not specifically a security compliance standard for the U.S. federal government, we are fully committed to achieving this. Both RHEL 8.6 and RHEL 9.0 are listed on the USGv6-r1 Product Registry. Our plan is to continue on this listing with both RHEL 8.8 and RHEL 9.2.
DISA STIG
The Defense Information Systems Agency (DISA) provides Security Technical Implementation Guides (STIGs) for IT components used in sensitive or security-forward computing operations in U.S. federal government and defense agencies. STIGs are an important part of maintaining a more secure IT landscape, and we’re pleased to highlight that DISA published the STIGs for Red Hat Enterprise Linux 9, Red Hat OpenShift, and Red Hat Ansible Automation Platform in 2023. Formal release of this guidance enables customers to begin production deployments of these solutions in sensitive IT environments.
Building towards the next generation of IT security standards and compliance doesn’t stop at Red Hat. Behind the scenes, we’re constantly testing, analyzing and assessing our code above and beyond the already extensive hardening we do across our hybrid cloud portfolio. Security isn’t a point-in-time concept for Red Hat, and our work here shows our continued commitment to delivering technologies that comply with an incredibly broad set of critical regulations.
About the author
Tara is a security compliance and risk management enthusiast, working across the organization and with partners to identify and control security risk. Tara joined Red Hat and the private sector in February 2020, after gaining experience as a 10-year federal civilian employee, most recently serving as the Cybersecurity Director and Command Information Security Officer (CISO) for Naval Facilities and Engineering Command (NAVFAC) in Washington, D.C. She has earned academic degrees from the U.S. Naval Academy and the National Defense University. Tara currently resides in Colorado with her husband and daughter where they enjoy their mini farm with dogs, chickens and dwarf goats.