Security is a crucial component of the technology Red Hat provides for its customers and partners, especially those who operate in sensitive environments, including the military.
Given that importance, we are excited to announce that BSI, Germany's federal office for information security, is currently evaluating Red Hat Enterprise Linux 7 for Common Criteria certification, and we’re honored to be working with our hardware partners to certify Red Hat Enterprise Linux 7 on their products. The Common Criteria is an internationally recognized set of standards used by the federal government and other organizations to assess the security and assurance of technology products. This will be Red Hat’s 16th Common Criteria Certification, reinforcing our commitment to comply with and surpass public sector security standards.
In the Common Criteria scheme, the Evaluation Assurance Level (EAL) represents the depth and rigor of the evaluation, giving consumers the confidence that products certified at a specific level meet the package of security assurance requirements associated with that level. Red Hat Enterprise Linux 7 has been submitted for Common Criteria at EAL 4+, the highest level of assurance for an unmodified commercial operating system. The submission is for both Operating System Protection Profile (OSPP) v3.9 and v2.0 including Advanced Management, Labeled Security, and Enhanced Identity and Authentication extended modules.
The current certification is aiming to achieve two goals. The first is to meet OSPP v3.9 exactly as the National Information Assurance Partnership (NAIP) defined it, helping U.S. government agencies to meet this requirement. The second goal is to certify under OSPP v2.0 at EAL4+, including all capabilities previously certified to the base operating system on Red Hat Enterprise Linux 6, but without the Advanced Audit extended module.
The security function requirements under OSPP v2.0 will enable Security-Enhanced Linux’s (SELinux's) Multi-Level Security (MLS) and Role Based Access Control (RBAC) capabilities to be certified. Additionally, Red Hat will include System Security Services Daemon (SSSD) to authenticate users against remote servers demonstrating enterprise level user management. This will be done in both OSPP v3.9 as NIAP defined it and using the Enhanced Identity and Authentication extended module under OSPP v2.0.
This certification, in tandem with forthcoming FIPS 140-2 and cryptography certification for Red Hat Enterprise Linux 7, will provide users with further confidence that Red Hat Enterprise Linux 7 will meet or exceed government security requirements. The FIPS-140 certifications will include all the updated requirements that NIST has levied such as a new Deterministic Random Byte Generator (DRGB) as specified in SP 800-90a; an updated RSA key generation technique as specified in FIPS 186-4; and updated key sizes and algorithms as specified in SP 800-131a. Red Hat’s current FIPS work will contain all of its previously certified crypto modules and increase the scope to include gnutls and its crypto library, libnettle.
Red Hat encourages customers and partners to visit https://www.bsi.bund.de/EN/Topics/Certification/incertification.html and reference certification BSI-DSZ-CC-0949 to verify the evaluation of Red Hat Enterprise Linux 7 for Common Criteria Certification.
You can find out more about our sustained commitment to Common Criteria and other security certifications at http://www.redhat.com/security and http://www.redhat.com/solutions/government/certifications/.
Sull'autore
Altri risultati simili a questo
Ricerca per canale
Automazione
Novità sull'automazione IT di tecnologie, team e ambienti
Intelligenza artificiale
Aggiornamenti sulle piattaforme che consentono alle aziende di eseguire carichi di lavoro IA ovunque
Hybrid cloud open source
Scopri come affrontare il futuro in modo più agile grazie al cloud ibrido
Sicurezza
Le ultime novità sulle nostre soluzioni per ridurre i rischi nelle tecnologie e negli ambienti
Edge computing
Aggiornamenti sulle piattaforme che semplificano l'operatività edge
Infrastruttura
Le ultime novità sulla piattaforma Linux aziendale leader a livello mondiale
Applicazioni
Approfondimenti sulle nostre soluzioni alle sfide applicative più difficili
Serie originali
Raccontiamo le interessanti storie di leader e creatori di tecnologie pensate per le aziende
Prodotti
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Servizi cloud
- Scopri tutti i prodotti
Strumenti
- Formazione e certificazioni
- Il mio account
- Supporto clienti
- Risorse per sviluppatori
- Trova un partner
- Red Hat Ecosystem Catalog
- Calcola il valore delle soluzioni Red Hat
- Documentazione
Prova, acquista, vendi
Comunica
- Contatta l'ufficio vendite
- Contatta l'assistenza clienti
- Contatta un esperto della formazione
- Social media
Informazioni su Red Hat
Red Hat è leader mondiale nella fornitura di soluzioni open source per le aziende, tra cui Linux, Kubernetes, container e soluzioni cloud. Le nostre soluzioni open source, rese sicure per un uso aziendale, consentono di operare su più piattaforme e ambienti, dal datacenter centrale all'edge della rete.
Seleziona la tua lingua
Red Hat legal and privacy links
- Informazioni su Red Hat
- Opportunità di lavoro
- Eventi
- Sedi
- Contattaci
- Blog di Red Hat
- Diversità, equità e inclusione
- Cool Stuff Store
- Red Hat Summit