- It said that this validation emphasises Red Hat’s commitment to supporting customers that use the enterprise Linux platform for critical workloads in classified and sensitive deployments
- Previously, Red Hat Enterprise Linux operating systems were certified at EAL4+
Red Hat has announced further strengthening of Red Hat Enterprise Linux as a platform of choice for users requiring more secure computing, with Red Hat Enterprise Linux 8.1 achieving Common Criteria Certification. It said that this validation emphasises Red Hat’s commitment to supporting customers that use the enterprise Linux platform for critical workloads in classified and sensitive deployments.
For Common Criteria, Red Hat Enterprise Linux 8.1 was certified by the National Information Assurance Partnership (NIAP), with testing and validation completed by Acumen Security, a U.S. government-accredited laboratory. The platform was tested and validated against the Common Criteria Standard for Information Security Evaluation (ISO/IEC 15408) against version 4.2.1 of the NIAP General Purpose Operating System Protection Profile including Extended Package for Secure Shell (SSH), version 1.0 and is the latest Red Hat Enterprise Linux version to appear on the NIAP Product Compliant List.
Distinguished the degree of rigor applied to meeting open-ended requirements
Previously, Red Hat Enterprise Linux operating systems were certified at EAL4+. The treaty that enables countries to recognise certifications across borders now includes a new Common Criteria Recognition Arrangement that only recognises up to EAL2.
It said, ” This treaty also rewrote Protection Profiles across products to be very specific about individual product requirements, documentation and testing procedures. It is now expected that a solution either meets the Protection Profile exactly or does not. In the previous EAL system, the number (EAL2, EAL4, etc.) distinguished the degree of rigor applied to meeting open-ended requirements. This revised certification is designed to be more predictable and better suited to an operating system with frequent, predictable minor releases like Red Hat Enterprise Linux, with future platform certifications intended to be aligned with this certification method.”
