Red Hat Enterprise Linux 5 running on IBM servers now meets government security standards allowing Linux to be used in homeland security projects and command-and-control operations.
IBM and Red Hat want government and business IT operations that need the highest levels of security to give their combination of Linux systems another look. That's why the companies on Monday are announcing a heightened level of security certification for Red Hat Enterprise Linux 5 running on IBM System x, System p, System z, and BladeCenter servers.
RHEL5 on IBM now meets government security standards allowing Linux to be used in homeland security projects, command-and-control operations, and throughout government agencies that previously were limited to a select few other highly-secure operating systems, the companies said.
RHEL5 running on IBM systems has been given a high level of certification for its ability to enforce access limitations on individual users and data objects. More specifically, the National Security Agency's National Information Assurance Partnership, or NIAP, granted the RHEL5/IBM combo a Common Criteria Evaluation and Validation Scheme rating of Evaluation Assurance Level 4 in three access-control areas: Labeled Security Protection Profile, Controlled Access Protection Profile, and Role-Based Access Control Protection Profile.
Red Hat Enterprise Linux 5, released for general availability earlier this year, contains kernel and Security Enhanced Linux (SELinux) policy features developed through open-source community efforts, led by IBM, with participation from other key contributors, including Red Hat and the federal government. Evaluation Assurance Level 4 "is an assurance level that answers, how far have you gone to prove that the security does what you say it does?" says Dan Frye, IBM's VP of open systems development. While other versions of Red Hat and Novell Suse Linux have achieved EAL 4 certification before, this is the first time a Linux OS has reached this level specifically for its access-control capabilities. Suse Linux Enterprise Sever Version 10 is currently being evaluated for Evaluation Assurance Level 4 for Controlled Access Protection Profile capabilities.
IBM says that its security certification work with Red Hat shouldn't be perceived as a slight against Novell. "This was simply a market choice made by Red Hat," Frye says. "We will work with Novell on this if they choose."
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.