Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.1 has received nine Federal Information Processing Standard (FIPS) 140-2 security certifications from the U.S. federal government’s National Institute of Standards and Practices (NIST). These certifications, achieved in 2016, emphasize Red Hat’s focus on delivering a more secure foundation for mission-critical systems, building upon Red Hat Enterprise Linux 7.1’s recent achievement of a Common Criteria security certification at Evaluation Assurance Level (EAL) 4+ as the first certified operating system to offer Linux Container Framework Support.
Red Hat understands the varied IT security needs of these organizations, and Red Hat Enterprise Linux’s FIPS 140-2 and Common Criteria EAL4+ certifications provide continued support of our commitment to deliver a highly-secure operating system for environments that require the strictest of protections.
The FIPS 140-2 certification program is a joint initiative between the U.S.-based National Institute for Standards and Technology (NIST) and the Communications Security Establishment (CSE) for the Government of Canada. This internationally recognized certification is mandated by national agencies in the U.S. and Canada and recognized in Europe and Australia. Information systems based on Red Hat Enterprise Linux 7 now have greater assurance that native cryptographic security systems, such as those used to encrypt data and provide more secure communications, have been formally evaluated to meet international cryptography standards.
Red Hat Enterprise Linux 7.1 has achieved FIPS 140-2 certification for the following modules:
The certified Red Hat Enterprise Linux 7.1 modules retain FIPS 140-2 certification when running on these hardware configurations:
HPE ProLiant DL380p Gen8 with PAA
HPE ProLiant DL380p Gen8 without PAA
IBM Power8 Little Endian 8286-41A
IBM z13 (single-user mode)
The U.S. Secretary of Commerce approves standards and guidelines that are developed by NIST for U.S. federal information systems. The FIPS 140 Publication Series coordinates the requirements and standards from cryptographic modules for hardware and software, and in order to achieve FIPS 140-2 validation, cryptographic modules are subjected to rigorous testing by independent, accredited test facilities.
The validation testing for today’s announcement was performed by atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. atsec is an independent company with long-standing experience in international IT security standards.
Paul Smith, vice president and general manager, Red Hat
"Protecting highly-sensitive data, from employee and customer financial data to national security details, is a critical need for modern IT departments, particularly those operating in the public sector. Red Hat understands the varied IT security needs of these organizations, and Red Hat Enterprise Linux’s FIPS 140-2 and Common Criteria EAL4+ certifications provide continued support of our commitment to deliver a highly-secure operating system for environments that require the strictest of protections."
Yi Mao, manager, Cryptographic Security Test Laboratory, atsec information security
"Red Hat endeavors to keep assurances by having a third party lab working with them to perform code inspection and independent testing against rigorous standards in cryptography as well as product security. It has been a dramatic effort for Red Hat to take their stack of cryptographic libraries running on the operating system RHEL 7.1 through FIPS 140-2 validation. Their pursuit for greater security is demonstrated in the wide validation scope and deep understanding of security requirements, and we are honored to be Red Hat’s chosen lab for these FIPS 140-2 certifications and applaud their achievement."
Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to provide reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As a connective hub in a global network of enterprises, partners, and open source communities, Red Hat helps create relevant, innovative technologies that liberate resources for growth and prepare customers for the future of IT. Learn more at http://www.redhat.com.
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to the ability of the Company to compete effectively; the ability to deliver and stimulate demand for new products and technological innovations on a timely basis; delays or reductions in information technology spending; the integration of acquisitions and the ability to market successfully acquired technologies and products; fluctuations in exchange rates; the effects of industry consolidation; uncertainty and adverse results in litigation and related settlements; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; risks related to data and information security vulnerabilities; the ability to meet financial and operational challenges encountered in our international operations; ineffective management of, and control over, the Company's growth and international operations; and changes in and a dependence on key personnel, as well as other factors contained in our most recent Quarterly Report on Form 10-Q (copies of which may be accessed through the Securities and Exchange Commission's website at http://www.sec.gov ), including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic and political conditions, governmental and public policy changes and the impact of natural disasters such as earthquakes and floods. The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of this press release.