Red Hat And IBM Add Security Certification - InformationWeek
Software // Enterprise Applications
01:00 PM
Threat Intelligence Overload?
Aug 23, 2017
A wide range of threat intelligence feeds and services have cropped up keep IT organizations up to ...Read More>>

Red Hat And IBM Add Security Certification

Red Hat Enterprise Linux 5 running on IBM servers now meets government security standards allowing Linux to be used in homeland security projects and command-and-control operations.

IBM and Red Hat want government and business IT operations that need the highest levels of security to give their combination of Linux systems another look. That's why the companies on Monday are announcing a heightened level of security certification for Red Hat Enterprise Linux 5 running on IBM System x, System p, System z, and BladeCenter servers.

RHEL5 on IBM now meets government security standards allowing Linux to be used in homeland security projects, command-and-control operations, and throughout government agencies that previously were limited to a select few other highly-secure operating systems, the companies said.

RHEL5 running on IBM systems has been given a high level of certification for its ability to enforce access limitations on individual users and data objects. More specifically, the National Security Agency's National Information Assurance Partnership, or NIAP, granted the RHEL5/IBM combo a Common Criteria Evaluation and Validation Scheme rating of Evaluation Assurance Level 4 in three access-control areas: Labeled Security Protection Profile, Controlled Access Protection Profile, and Role-Based Access Control Protection Profile.

Red Hat Enterprise Linux 5, released for general availability earlier this year, contains kernel and Security Enhanced Linux (SELinux) policy features developed through open-source community efforts, led by IBM, with participation from other key contributors, including Red Hat and the federal government. Evaluation Assurance Level 4 "is an assurance level that answers, how far have you gone to prove that the security does what you say it does?" says Dan Frye, IBM's VP of open systems development. While other versions of Red Hat and Novell Suse Linux have achieved EAL 4 certification before, this is the first time a Linux OS has reached this level specifically for its access-control capabilities. Suse Linux Enterprise Sever Version 10 is currently being evaluated for Evaluation Assurance Level 4 for Controlled Access Protection Profile capabilities.

IBM says that its security certification work with Red Hat shouldn't be perceived as a slight against Novell. "This was simply a market choice made by Red Hat," Frye says. "We will work with Novell on this if they choose."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll