Security is a crucial component of the technology Red Hat provides for its customers and partners, especially those who operate in sensitive environments, including the military.
Given that importance, we are excited to announce that BSI, Germany's federal office for information security, is currently evaluating Red Hat Enterprise Linux 7 for Common Criteria certification, and we’re honored to be working with our hardware partners to certify Red Hat Enterprise Linux 7 on their products. The Common Criteria is an internationally recognized set of standards used by the federal government and other organizations to assess the security and assurance of technology products. This will be Red Hat’s 16th Common Criteria Certification, reinforcing our commitment to comply with and surpass public sector security standards.
In the Common Criteria scheme, the Evaluation Assurance Level (EAL) represents the depth and rigor of the evaluation, giving consumers the confidence that products certified at a specific level meet the package of security assurance requirements associated with that level. Red Hat Enterprise Linux 7 has been submitted for Common Criteria at EAL 4+, the highest level of assurance for an unmodified commercial operating system. The submission is for both Operating System Protection Profile (OSPP) v3.9 and v2.0 including Advanced Management, Labeled Security, and Enhanced Identity and Authentication extended modules.
The current certification is aiming to achieve two goals. The first is to meet OSPP v3.9 exactly as the National Information Assurance Partnership (NAIP) defined it, helping U.S. government agencies to meet this requirement. The second goal is to certify under OSPP v2.0 at EAL4+, including all capabilities previously certified to the base operating system on Red Hat Enterprise Linux 6, but without the Advanced Audit extended module.
The security function requirements under OSPP v2.0 will enable Security-Enhanced Linux’s (SELinux's) Multi-Level Security (MLS) and Role Based Access Control (RBAC) capabilities to be certified. Additionally, Red Hat will include System Security Services Daemon (SSSD) to authenticate users against remote servers demonstrating enterprise level user management. This will be done in both OSPP v3.9 as NIAP defined it and using the Enhanced Identity and Authentication extended module under OSPP v2.0.
This certification, in tandem with forthcoming FIPS 140-2 and cryptography certification for Red Hat Enterprise Linux 7, will provide users with further confidence that Red Hat Enterprise Linux 7 will meet or exceed government security requirements. The FIPS-140 certifications will include all the updated requirements that NIST has levied such as a new Deterministic Random Byte Generator (DRGB) as specified in SP 800-90a; an updated RSA key generation technique as specified in FIPS 186-4; and updated key sizes and algorithms as specified in SP 800-131a. Red Hat’s current FIPS work will contain all of its previously certified crypto modules and increase the scope to include gnutls and its crypto library, libnettle.
Red Hat encourages customers and partners to visit https://www.bsi.bund.de/EN/Topics/Certification/incertification.html and reference certification BSI-DSZ-CC-0949 to verify the evaluation of Red Hat Enterprise Linux 7 for Common Criteria Certification.
You can find out more about our sustained commitment to Common Criteria and other security certifications at http://www.redhat.com/security and http://www.redhat.com/solutions/government/certifications/.
저자 소개
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.