atsec information security and IBM to Make Red Hat Linux a Government Certified, Trusted Operating System

AUSTIN, Texas – October 18, 2005 – atsec information security corporation, an independent, standards-based information technology (IT) security consulting and evaluation services company, is working with IBM to perform a Common Criteria evaluation of Red Hat Enterprise Linux v.5 on a broad range of IBM eServer systems. As sponsor of the certification, IBM chose atsec because of the company’s proven success in evaluating enterprise Linux products at progressive levels of assurance since 2003.

“IBM’s long, successful association with atsec convinced us that atsec is the right partner to work with us in achieving this important milestone demonstrating Linux maturity and suitability for assured information sharing in complex enterprise environments,” said Dan Frye, vice president, Linux Technology Center, IBM.

The Common Criteria evaluation is a joint effort between atsec and IBM. Red Hat, the world’s leading provider of open source solutions to the enterprise and Trusted Computer Solutions, Inc. (TCS), a leading supplier of information sharing technologies to the Department of Defense, the intelligence community and commercial industry, were also involved in the development of the product. The Common Criteria standard is an internationally-recognized standard used by the federal government and other organizations to assess security and assurance of information technology products.

“atsec is very pleased to have the opportunity to contribute again to demonstrating the enterprise operating system capability of Linux,” said Fiona Pattinson, project manager at atsec. “From our first-ever Linux evaluation at EAL2 in August 2003, through many subsequent evaluations of Linux at increasing assurance levels, atsec has been and continues to be the industry leader in Linux evaluations.”

Red Hat Enterprise Linux v.5 is in evaluation at Evaluation Assurance Level 4 (EAL4) including the security functionality defined in three protection profiles recognized by the Common Criteria: Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile (CAPP) and Role-Based Access Control Protection Profile (RBAC). These profiles support the requirements of Director of Central Intelligence Directive (DCID) 6/3 at Protection Level 4, which specifies security intelligence related information and systems measures, including those necessary for Top Secret and Below Interoperability (TSABI).

Upon completion of the evaluation, Red Hat Enterprise Linux will have achieved a level of security previously reached by only a handful of trusted operating systems, providing security capabilities for commercial operating systems. The certification of Red Hat Linux will offer the government and businesses an unprecedented choice for security applications.

About atsec information security

atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec launched its U.S. business in May 2003, building on extensive success in Europe dating back to 2000. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Audi, Philips, Siemens, T-Mobile, Sony Ericsson, and Vodafone. For more information, please visit www.atsec.com.