Red Hat Continues Public Sector Security Leadership

November 8, 2006; 09:47 AM
Red Hat, the world's leading provider of open source, today announced at the 2nd Annual Red Hat Government User Conference that it has partnered with Tresys Technology to enhance the services backing Security-Enhanced Linux-based Red Hat Enterprise Linux and has enhanced its security evaluation program, reinforcing its commitment to IT security for public sector customers. Red Hat's commitment to security evaluations and innovation have long positioned the company as a leader in delivering secure, independently evaluated software to organizations in the public and private sectors. Recent Common Criteria evaluations bring the total number of independent security certifications to five for Red Hat Enterprise Linux across eight major hardware platforms.

Red Hat has partnered with Tresys Technology, a principal open source contributor to Security Enhanced Linux (SELinux), to deliver services for SELinux. Building upon their extensive open source technology and unmatched experience using SELinux to build secure systems, Tresys is developing a series of products that make it easier to use the power of SELinux. The partnership with Tresys will give Red Hat public sector customers the services they need to integrate SELinux and enhanced security functionality required to protect platforms at their core, using approaches such as Mandatory Access Control (MAC). The ability to be able to contain security breaches, significantly impacts the development of technology systems that meet public sector security needs.

“This is an important announcement which shows how both government and business can take security to the next level. As public sector agencies, along with the Department of Defense (DoD) and Intelligence Community, strive to deliver new solutions quickly and with enhanced functionality, compromised security is not an option,” said Paul Smith, Red Hat’s vice president of government operations.

"SELinux is the best security technology available," said Frank Mayer, President/CTO Tresys Technology. "This partnership with Red Hat enables us to expand the application of SELinux flexible mandatory access controls to greatly enhance the security of even more business applications. With this technology, government and business organizations can contain hackers, protect their assets and applications, and minimize damage by malicious users and programs.”

Red Hat has also announced its continued commitment to security evaluation leadership through Common Criteria evaluations. Common Criteria is an internationally recognized set of guidelines (ISO/ISE 15408), which define a common infrastructure for IT security products. The standard consists of several predetermined assurance levels that the vendor can choose to be tested against, each one more stringent than the last. The evaluation process is rigorous and can take months or years to complete. Once achieved, Common Criteria certifications are mutually accepted by 21 countries, including the United States government, regardless of what country the product was validated in.

To date, Red Hat has successfully completed Common Criteria Evaluations at EAL3+/Controlled Access Protection Profile (CAPP) for the following products, in partnership with Hewlett Packard (HP): Red Hat Enterprise Linux v.4, Update 2 was evaluated on all Red Hat certified HP ProLiant Servers, HP Integrity Servers, HP Carrier Grade Servers, and HP Workstations. Also, Red Hat partnered with SGI for evaluation of Red Hat Enterprise Linux 4 on the SGI® Altix® server platform at EAL 3+/CAPP. All the evaluations were completed by atsec information security corporation and certified by the US National Information Assurance Partnership (NIAP).

In addition, Red Hat recently completed Common Criteria Evaluations, in partnership with IBM, at CAPP/EAL4 -- the highest level generally achieved by commercial software: Red Hat Enterprise Linux v.4 on six platforms including Red Hat Enterprise Linux WS on IBM xSeries, and Red Hat Enterprise Linux AS on IBM xSeries, iSeries, pSeries, zSeries, as well as Opteron-based systems. The evaluation was completed by atsec information security corporation and certified by NIAP.

Continuing Red Hat’s dedication to the company’s security evaluation program, both HP and IBM have submitted the upcoming Red Hat Enterprise Linux 5 for EAL 4+/CAPP, Labeled Security Protection Profile (LSPP) and Role-Based Access Controls (RBAC) evaluation.

"Government agencies are transforming the way they integrate, access and share information. As a recognized global standard, Common Criteria certification provides government agencies and commercial enterprises with proven third-party assurance that our solutions can meet the toughest demands of mission-critical security environments," said Smith. "As the federal government increases its use of solutions that are securely integrated, the importance of NIAP Common Criteria certification will continue to increase. With 5 certifications and 2 more evaluations underway, Red Hat has demonstrated commitment to delivering solutions that are supported and validated by rigorous international technology standards.”

To learn more about the Red Hat’s security road map and public sector solutions, please visit http://www.redhat.com/solutions/industries/government/.

About Red Hat, Inc.

Red Hat, the world's leading open source solutions provider, is headquartered in Raleigh, NC with satellite offices spanning the globe. CIOs and other senior-level IT executives have ranked Red Hat as the industry's most valued vendor for two consecutive years in the CIO Insight Magazine Vendor Value study. Red Hat is leading Linux and open source solutions into the mainstream by making high-quality, low-cost technology accessible. Red Hat provides an operating system platform, Red Hat Enterprise Linux, along with applications, management, and middleware solutions, including JBoss Enterprise Middleware Suite. Red Hat is accelerating the shift to service-oriented architectures and enabling the next generation of web-enabled applications running on a low-cost, secure open source platform. Red Hat also offers support, training and consulting services to its customers worldwide and through top-tier partnerships. Red Hat's open source strategy offers customers a long term plan for building infrastructures that are based on and leverage open source technologies with a focus on security and ease of management. Learn more: http://www.redhat.com