Software // Enterprise Applications
01:00 PM
Connect Directly
Repost This

Red Hat And IBM Add Security Certification

Red Hat Enterprise Linux 5 running on IBM servers now meets government security standards allowing Linux to be used in homeland security projects and command-and-control operations.

IBM and Red Hat want government and business IT operations that need the highest levels of security to give their combination of Linux systems another look. That's why the companies on Monday are announcing a heightened level of security certification for Red Hat Enterprise Linux 5 running on IBM System x, System p, System z, and BladeCenter servers.

RHEL5 on IBM now meets government security standards allowing Linux to be used in homeland security projects, command-and-control operations, and throughout government agencies that previously were limited to a select few other highly-secure operating systems, the companies said.

RHEL5 running on IBM systems has been given a high level of certification for its ability to enforce access limitations on individual users and data objects. More specifically, the National Security Agency's National Information Assurance Partnership, or NIAP, granted the RHEL5/IBM combo a Common Criteria Evaluation and Validation Scheme rating of Evaluation Assurance Level 4 in three access-control areas: Labeled Security Protection Profile, Controlled Access Protection Profile, and Role-Based Access Control Protection Profile.

Red Hat Enterprise Linux 5, released for general availability earlier this year, contains kernel and Security Enhanced Linux (SELinux) policy features developed through open-source community efforts, led by IBM, with participation from other key contributors, including Red Hat and the federal government. Evaluation Assurance Level 4 "is an assurance level that answers, how far have you gone to prove that the security does what you say it does?" says Dan Frye, IBM's VP of open systems development. While other versions of Red Hat and Novell Suse Linux have achieved EAL 4 certification before, this is the first time a Linux OS has reached this level specifically for its access-control capabilities. Suse Linux Enterprise Sever Version 10 is currently being evaluated for Evaluation Assurance Level 4 for Controlled Access Protection Profile capabilities.

IBM says that its security certification work with Red Hat shouldn't be perceived as a slight against Novell. "This was simply a market choice made by Red Hat," Frye says. "We will work with Novell on this if they choose."

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.