Laying a foundation for more secure computing: Red Hat Enterprise Linux and Common Criteria

From Linux containers and Kubernetes to edge computing and 5G, modern computing advancements have spread far and wide across the hybrid cloud. But at the center of almost all IT deployments, whether in a core datacenter, at the network’s edge or in the public, is the operating system and, frequently, that operating system is Linux. Red Hat Enterprise Linux (RHEL) remains the world’s leading enterprise Linux platform, and Red Hat is committed to continuing to deliver our flagship operating system as a more secure platform for even the most sensitive workloads.

A big part of maintaining a more secure platform footprint is our work in maintaining a variety of security certifications. Many of Red Hat’s hybrid cloud technologies, from Red Hat OpenShift to Red Hat Storage, rely on RHEL to deliver a trusted foundation that helps drive secure operations across the entire stack. This makes these base components, like Libreswan, GnuTLS, NSS and others, critical to the overall security posture of an IT department...but just being “secure” in the here-and-now is not enough.

To keep pace with the constantly changing world of threats facing IT organizations, Red Hat frequently engages with independent laboratories for security testing and validation of RHEL. This constant testing helps RHEL maintain an extensive set of information security certifications and classifications, including Federal Information Processing Standard 140-2 (FIPS 140-2) and Common Criteria. Recently, in December 2019, we further extended RHEL as a more secure platform for sensitive workloads with the successful re-validation of RHEL 7.6 for FIPS 140-2.

In 2020, we’re continuing this work, with RHEL 7.6 officially entering the In Evaluation phase of Common Criteria testing as of February 6, 2020, and we also intend to submit RHEL 8.1 for Common Criteria evaluation as well in the near future. RHEL 7.6 is being evaluated against version 4.2.1 of the NIAP General Purpose Operating System Protection Profile (OSPP) and progress can be reviewed on the NIAP Products In Evaluation web site.

The operating system forms the heart of more secure enterprise computing, and we are constantly striving to make RHEL the centerpiece of these deployments, regardless of industry or workload.

Mark Thacker is principal product manager, Security Experience, at Red Hat