Red Hat And IBM Add Security Certification - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Red Hat And IBM Add Security Certification

Red Hat Enterprise Linux 5 running on IBM servers now meets government security standards allowing Linux to be used in homeland security projects and command-and-control operations.

IBM and Red Hat want government and business IT operations that need the highest levels of security to give their combination of Linux systems another look. That's why the companies on Monday are announcing a heightened level of security certification for Red Hat Enterprise Linux 5 running on IBM System x, System p, System z, and BladeCenter servers.

RHEL5 on IBM now meets government security standards allowing Linux to be used in homeland security projects, command-and-control operations, and throughout government agencies that previously were limited to a select few other highly-secure operating systems, the companies said.

RHEL5 running on IBM systems has been given a high level of certification for its ability to enforce access limitations on individual users and data objects. More specifically, the National Security Agency's National Information Assurance Partnership, or NIAP, granted the RHEL5/IBM combo a Common Criteria Evaluation and Validation Scheme rating of Evaluation Assurance Level 4 in three access-control areas: Labeled Security Protection Profile, Controlled Access Protection Profile, and Role-Based Access Control Protection Profile.

Red Hat Enterprise Linux 5, released for general availability earlier this year, contains kernel and Security Enhanced Linux (SELinux) policy features developed through open-source community efforts, led by IBM, with participation from other key contributors, including Red Hat and the federal government. Evaluation Assurance Level 4 "is an assurance level that answers, how far have you gone to prove that the security does what you say it does?" says Dan Frye, IBM's VP of open systems development. While other versions of Red Hat and Novell Suse Linux have achieved EAL 4 certification before, this is the first time a Linux OS has reached this level specifically for its access-control capabilities. Suse Linux Enterprise Sever Version 10 is currently being evaluated for Evaluation Assurance Level 4 for Controlled Access Protection Profile capabilities.

IBM says that its security certification work with Red Hat shouldn't be perceived as a slight against Novell. "This was simply a market choice made by Red Hat," Frye says. "We will work with Novell on this if they choose."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
8 AI Trends in Today's Big Enterprise
Jessica Davis, Senior Editor, Enterprise Apps,  9/11/2019
IT Careers: 10 Places to Look for Great Developers
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/4/2019
Cloud 2.0: A New Era for Public Cloud
Crystal Bedell, Technology Writer,  9/1/2019
White Papers
Register for InformationWeek Newsletters
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Flash Poll