From FIPS 140-3 to Common Criteria to DISA STIGs, Red Hat is constantly pursuing the next iteration of compliance for our customers. Red Hat’s mission has long been to bring community innovation to enterprise organizations, packaged in a hardened, production-ready form. This isn’t just about packaging and testing, however; we take extra steps to bring these emerging capabilities in line with some of the most stringent secure computing standards and requirements in the world. Innovation by itself isn’t enough for public sector agencies or the companies that serve these organizations. Instead, open innovation must be paired with a proven commitment to driving security-enhanced computing.
This isn’t a one-off effort for Red Hat, nor do we only pursue a single validation at a time. We consider standards compliance a continuum, with dozens of efforts in flight at any given time. These pursuits take months, if not years, to achieve, especially as platforms grow in complexity and scope. With so many compliance efforts active, we wanted to provide a snapshot of some of these key projects to highlight our continued commitment to enabling secure, compliant computing in the public sector.
Common Criteria
A globally accepted standard, Common Criteria provides assurance that the processes around an IT product, from vendor claims to testing, prove that it truly does meet the needs of security-conscious computing. Red Hat Enterprise Linux (RHEL), the world’s leading enterprise Linux platform, forms the foundation of our Common Criteria efforts. Both RHEL 8.6 and RHEL 9.0 are now certified for Common Criteria, and are posted on the NIAP Product Compliant List. We are currently in the process of planning the next RHEL release to receive Common Criteria certification. We are also extending the hardware platforms that we use for Common Criteria validation by adding IBM Z15 to our RHEL 8.6 certification and IBM Z16 and IBM Power 10 for RHEL 9.0 certification.
Federal Information Processing Standards (FIPS)
FIPS 140-2 and 140-3 provide validation that the cryptographic tools in a given piece of software are implementing their respective algorithms properly. Because many Red Hat products use the same cryptographic binaries, a single certification can carry through to other Red Hat products and product versions with an unmodified binary. Given the wide range of choices that our customers have with RHEL, we will continue to submit versions of both RHEL 8 and RHEL 9 for FIPS review.
For RHEL 8, we also remain committed to both FIPS 140-2 and FIPS 140-3 evaluations, as FIPS 140-2 will continue to be viable until September 21, 2026. The RHEL 8.6 OpenSSL certificate has been issued, and IBM z15, IBM Power 9 and IBM Power 10 have been added as validated hardware for RHEL 8 FIPS certifications. We plan to continue with RHEL 8.8 for FIPS evaluation in the near future, including an update of the RHEL 8.6 OpenSSL module.
With RHEL 9, we are focusing on FIPS 140-3. RHEL 9.0 is on the Modules In Process list, while RHEL 9.2 is either on the Implementation Under Test list or submitted and already on the Modules In Process list.
USGv6
USGv6 is the National Institute of Standards and Technology cross-agency effort to provide underlying processes, tools, measurement and more for IPv6 adoption in the U.S. federal government. Even though IPv6 is not specifically a security compliance standard for the U.S. federal government, we are fully committed to achieving this. Both RHEL 8.6 and RHEL 9.0 are listed on the USGv6-r1 Product Registry. Our plan is to continue on this listing with both RHEL 8.8 and RHEL 9.2.
DISA STIG
The Defense Information Systems Agency (DISA) provides Security Technical Implementation Guides (STIGs) for IT components used in sensitive or security-forward computing operations in U.S. federal government and defense agencies. STIGs are an important part of maintaining a more secure IT landscape, and we’re pleased to highlight that DISA published the STIGs for Red Hat Enterprise Linux 9, Red Hat OpenShift, and Red Hat Ansible Automation Platform in 2023. Formal release of this guidance enables customers to begin production deployments of these solutions in sensitive IT environments.
Building towards the next generation of IT security standards and compliance doesn’t stop at Red Hat. Behind the scenes, we’re constantly testing, analyzing and assessing our code above and beyond the already extensive hardening we do across our hybrid cloud portfolio. Security isn’t a point-in-time concept for Red Hat, and our work here shows our continued commitment to delivering technologies that comply with an incredibly broad set of critical regulations.
About the author
Tara is a security compliance and risk management enthusiast, working across the organization and with partners to identify and control security risk. Tara joined Red Hat and the private sector in February 2020, after gaining experience as a 10-year federal civilian employee, most recently serving as the Cybersecurity Director and Command Information Security Officer (CISO) for Naval Facilities and Engineering Command (NAVFAC) in Washington, D.C. She has earned academic degrees from the U.S. Naval Academy and the National Defense University. Tara currently resides in Colorado with her husband and daughter where they enjoy their mini farm with dogs, chickens and dwarf goats.