Red Hat announced further strengthening of Red Hat Enterprise Linux as a platform of choice for users requiring more secure computing, with Red Hat Enterprise Linux 8.1 achieving Common Criteria Certification.
The first major security certification for Red Hat Enterprise Linux 8, this validation emphasizes Red Hat’s commitment to supporting customers that use the world’s leading enterprise Linux platform for critical workloads in classified and sensitive deployments.
For Common Criteria, Red Hat Enterprise Linux 8.1 was certified by the National Information Assurance Partnership (NIAP), with testing and validation completed by Acumen Security, a U.S. government-accredited laboratory.
The platform was tested and validated under the Common Criteria Standard for Information Security Evaluation (ISO/IEC 15408) against version 4.2.1 of the NIAP General Purpose Operating System Protection Profile, including the Extended Package for Secure Shell (SSH), version 1.0. It is the latest Red Hat Enterprise Linux version to appear on the NIAP Product Compliant List.
Red Hat Enterprise Linux and Evaluation Assurance Levels (EAL)
Previously, Red Hat Enterprise Linux operating systems were certified at EAL4+. The treaty that enables countries to recognize certifications across borders now includes a new Common Criteria Recognition Arrangement that only recognizes up to EAL2.
This treaty also rewrote Protection Profiles across products to be very specific about individual product requirements, documentation and testing procedures. It is now expected that a solution either meets the Protection Profile exactly or does not.
In the previous EAL system, the number (EAL2, EAL4, etc.) distinguished the degree of rigor applied to meeting open-ended requirements.
This revised certification is designed to be more predictable and better suited to an operating system with frequent, predictable minor releases like Red Hat Enterprise Linux, with future platform certifications intended to be aligned with this certification method.
DISA STIG for Red Hat Enterprise Linux 8
Red Hat’s long history of working with government and defense agencies extends beyond Common Criteria validation. Part of this collaboration includes the creation and validation of more secure configurations of the world’s leading enterprise Linux platform for sensitive computing environments.
The Defense Information Systems Agency (DISA) recently published a Secure Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, which offers a configuration roadmap to deploy Red Hat Enterprise Linux 8 with an approved security baseline while still helping to drive innovation across an organization.
Red Hat Consulting has years of experience and specialized expertise in deploying more secure configurations of Red Hat Enterprise Linux in sensitive computing environments. Red Hat Training helps teams master their Linux skills.
“From bare metal servers to expansive hybrid cloud deployments, the operating system is the foundation for modern IT, making platform security even more important when it comes to sensitive environments.
This first Common Criteria certification for Red Hat Enterprise Linux 8 shows that Red Hat continues to maintain crucial IT security certificates for its next-generation operating system as well as the fact that the world’s leading enterprise Linux platform can now provide a more secure and more intelligent platform for critical and classified deployments while retaining the flexibility, scalability and innovation of Linux,” said Paul Smith, senior vice president and general manager, Public Sector, North America, Red Hat.
“Acumen Security congratulates Red Hat on the successful NIAP Common Criteria certification of Red Hat Enterprise Linux 8.1, the first for the Red Hat Enterprise Linux 8 platform.
“This rigorous security evaluation against stringent requirements identified by the National Security Agency under the global Common Criteria Certification Standard demonstrates and confirms Red Hat’s commitment to make CC certified versions of Red Hat Enterprise Linux available to security-conscious customers such as the national security-related agencies, finance and healthcare verticals.
“We are honored that Red Hat has once again selected Acumen Security as their security certification partner to achieve this significant milestone that few other operating system vendors in the industry have accomplished,” said Ashit Vora, vice president, Acumen Security.