Security is a crucial component of the technology Red Hat provides for its customers and partners, especially those who operate in sensitive environments, including the military.
Given that importance, we are excited to announce that BSI, Germany's federal office for information security, is currently evaluating Red Hat Enterprise Linux 7 for Common Criteria certification, and we’re honored to be working with our hardware partners to certify Red Hat Enterprise Linux 7 on their products. The Common Criteria is an internationally recognized set of standards used by the federal government and other organizations to assess the security and assurance of technology products. This will be Red Hat’s 16th Common Criteria Certification, reinforcing our commitment to comply with and surpass public sector security standards.
In the Common Criteria scheme, the Evaluation Assurance Level (EAL) represents the depth and rigor of the evaluation, giving consumers the confidence that products certified at a specific level meet the package of security assurance requirements associated with that level. Red Hat Enterprise Linux 7 has been submitted for Common Criteria at EAL 4+, the highest level of assurance for an unmodified commercial operating system. The submission is for both Operating System Protection Profile (OSPP) v3.9 and v2.0 including Advanced Management, Labeled Security, and Enhanced Identity and Authentication extended modules.
The current certification is aiming to achieve two goals. The first is to meet OSPP v3.9 exactly as the National Information Assurance Partnership (NAIP) defined it, helping U.S. government agencies to meet this requirement. The second goal is to certify under OSPP v2.0 at EAL4+, including all capabilities previously certified to the base operating system on Red Hat Enterprise Linux 6, but without the Advanced Audit extended module.
The security function requirements under OSPP v2.0 will enable Security-Enhanced Linux’s (SELinux's) Multi-Level Security (MLS) and Role Based Access Control (RBAC) capabilities to be certified. Additionally, Red Hat will include System Security Services Daemon (SSSD) to authenticate users against remote servers demonstrating enterprise level user management. This will be done in both OSPP v3.9 as NIAP defined it and using the Enhanced Identity and Authentication extended module under OSPP v2.0.
This certification, in tandem with forthcoming FIPS 140-2 and cryptography certification for Red Hat Enterprise Linux 7, will provide users with further confidence that Red Hat Enterprise Linux 7 will meet or exceed government security requirements. The FIPS-140 certifications will include all the updated requirements that NIST has levied such as a new Deterministic Random Byte Generator (DRGB) as specified in SP 800-90a; an updated RSA key generation technique as specified in FIPS 186-4; and updated key sizes and algorithms as specified in SP 800-131a. Red Hat’s current FIPS work will contain all of its previously certified crypto modules and increase the scope to include gnutls and its crypto library, libnettle.
Red Hat encourages customers and partners to visit https://www.bsi.bund.de/EN/Topics/Certification/incertification.html and reference certification BSI-DSZ-CC-0949 to verify the evaluation of Red Hat Enterprise Linux 7 for Common Criteria Certification.
You can find out more about our sustained commitment to Common Criteria and other security certifications at http://www.redhat.com/security and http://www.redhat.com/solutions/government/certifications/.
Sobre el autor
Más similar
Navegar por canal
Automatización
Las últimas novedades en la automatización de la TI para los equipos, la tecnología y los entornos
Inteligencia artificial
Descubra las actualizaciones en las plataformas que permiten a los clientes ejecutar cargas de trabajo de inteligecia artificial en cualquier lugar
Nube híbrida abierta
Vea como construimos un futuro flexible con la nube híbrida
Seguridad
Vea las últimas novedades sobre cómo reducimos los riesgos en entornos y tecnologías
Edge computing
Conozca las actualizaciones en las plataformas que simplifican las operaciones en el edge
Infraestructura
Vea las últimas novedades sobre la plataforma Linux empresarial líder en el mundo
Aplicaciones
Conozca nuestras soluciones para abordar los desafíos más complejos de las aplicaciones
Programas originales
Vea historias divertidas de creadores y líderes en tecnología empresarial
Productos
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Servicios de nube
- Ver todos los productos
Herramientas
- Training y Certificación
- Mi cuenta
- Soporte al cliente
- Recursos para desarrolladores
- Busque un partner
- Red Hat Ecosystem Catalog
- Calculador de valor Red Hat
- Documentación
Realice pruebas, compras y ventas
Comunicarse
- Comuníquese con la oficina de ventas
- Comuníquese con el servicio al cliente
- Comuníquese con Red Hat Training
- Redes sociales
Acerca de Red Hat
Somos el proveedor líder a nivel mundial de soluciones empresariales de código abierto, incluyendo Linux, cloud, contenedores y Kubernetes. Ofrecemos soluciones reforzadas, las cuales permiten que las empresas trabajen en distintas plataformas y entornos con facilidad, desde el centro de datos principal hasta el extremo de la red.
Seleccionar idioma
Red Hat legal and privacy links
- Acerca de Red Hat
- Oportunidades de empleo
- Eventos
- Sedes
- Póngase en contacto con Red Hat
- Blog de Red Hat
- Diversidad, igualdad e inclusión
- Cool Stuff Store
- Red Hat Summit