Software // Enterprise Applications
01:00 PM

Red Hat And IBM Add Security Certification

Red Hat Enterprise Linux 5 running on IBM servers now meets government security standards allowing Linux to be used in homeland security projects and command-and-control operations.

IBM and Red Hat want government and business IT operations that need the highest levels of security to give their combination of Linux systems another look. That's why the companies on Monday are announcing a heightened level of security certification for Red Hat Enterprise Linux 5 running on IBM System x, System p, System z, and BladeCenter servers.

RHEL5 on IBM now meets government security standards allowing Linux to be used in homeland security projects, command-and-control operations, and throughout government agencies that previously were limited to a select few other highly-secure operating systems, the companies said.

RHEL5 running on IBM systems has been given a high level of certification for its ability to enforce access limitations on individual users and data objects. More specifically, the National Security Agency's National Information Assurance Partnership, or NIAP, granted the RHEL5/IBM combo a Common Criteria Evaluation and Validation Scheme rating of Evaluation Assurance Level 4 in three access-control areas: Labeled Security Protection Profile, Controlled Access Protection Profile, and Role-Based Access Control Protection Profile.

Red Hat Enterprise Linux 5, released for general availability earlier this year, contains kernel and Security Enhanced Linux (SELinux) policy features developed through open-source community efforts, led by IBM, with participation from other key contributors, including Red Hat and the federal government. Evaluation Assurance Level 4 "is an assurance level that answers, how far have you gone to prove that the security does what you say it does?" says Dan Frye, IBM's VP of open systems development. While other versions of Red Hat and Novell Suse Linux have achieved EAL 4 certification before, this is the first time a Linux OS has reached this level specifically for its access-control capabilities. Suse Linux Enterprise Sever Version 10 is currently being evaluated for Evaluation Assurance Level 4 for Controlled Access Protection Profile capabilities.

IBM says that its security certification work with Red Hat shouldn't be perceived as a slight against Novell. "This was simply a market choice made by Red Hat," Frye says. "We will work with Novell on this if they choose."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 17, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.