atsec information security Completes Security Evaluation of RHEL 4

From:  "Lee Higgins" <lee-AT-petersgrouppr.com>
To:  <pr-AT-lwn.net>
Subject:  atsec information security Completes First Successful Security Evaluation of Red Hat Enterprise Linux 4
Date:  Fri, 17 Feb 2006 09:49:03 -0600


atsec information security Completes Red Hat Enterprise Linux 4 CAPP/EAL4+
Common Criteria Certification for IBM

First Red Hat Enterprise Linux 4 Evaluation to NIAP CCEVS

AUSTIN, Texas - February 17, 2006 - atsec information security corporation,
an independent, standards-based IT (information technology) security
consulting and evaluation services company, has completed the Common Criteria
(CC) evaluation of Red Hat Enterprise Linux 4 on a range of IBM server
platforms.  

The evaluation of Red Hat Enterprise Linux 4 at Evaluation Assurance Level
(EAL) 4+ is the first successful Linux evaluation at this assurance level
performed under the U.S. NIAP (National Information Assurance Partnership)
CCEVS (Common Criteria Evaluation and Validation Scheme).  This success
builds on atsec's long record of more than 20 successful CC evaluations
including six Linux evaluations on five different Linux platforms at
assurance levels EAL2, EAL3, and EAL4+, performed with several vendors under
both the German BSI (Bundesamt für Sicherheit in der Informationstechnik) and
U.S. CCEVS schemes. 

"atsec and IBM's maturity in evaluating Linux facilitated a smooth and timely
evaluation under the U.S. scheme," said Fiona Pattinson, atsec Common
Criteria lab manager.

The WS and AS distributions of the Red Hat Enterprise Linux 4 operating
system platform were certified by the NIAP CCEVS as conformant to EAL4+ and
the Controlled Access Protection Profile (CAPP), which specifies a set of
security functional and assurance requirements for IT products. 

The scrutiny of Linux continues.  Red Hat Enterprise Linux 5 is in evaluation
at EAL4 including the security functionality defined in three protection
profiles recognized by the Common Criteria: Controlled Access Protection
Profile (CAPP), Labeled Security Protection Profile (LSPP) and Role-Based
Access Control Protection Profile (RBAC).  These profiles support the
requirements of Director of Central Intelligence Directive (DCID) 6/3 at
Protection Level 4, which specifies security intelligence related information
and systems measures, including those necessary for Top Secret and Below
Interoperability (TSABI).

One more significant "first" emerged during the Red Hat Enterprise Linux 4
evaluation.  In order to address the requirements of the CAPP, the audit
subsystem was re-implemented.  In accordance with the collaborative, open
source nature of Linux development, the audit subsystem solution was offered
back to the open source community for discussion and ultimately, acceptance.

"Throughout the history of atsec's Linux evaluation projects, I have been
amazed by the level of support provided by commercial enterprises for the
open source community," said Stephan Mueller, atsec's lead evaluator for
Linux projects since 2004.
"IBM demonstrated its real commitment to the Linux open source community - as
well as to security - by sharing the results of its substantial investment
leading to the Red Hat Enterprise Linux 4 evaluation."

The formal announcement of the successful CAPP/EAL4+ evaluation completion of
Red Hat Enterprise Linux 4 was made at the RSA Conference 2006 in San Jose,
Calif.

# # #


About atsec information security
atsec information security is an independent, standards-based IT (information
technology) security consulting and evaluation services company that combines
a business-oriented approach to information security with in-depth technical
knowledge and global experience.  atsec launched its U.S. business in May
2003, building on extensive success in Europe dating back to 2000.  atsec
leverages its deep security, process, and standards expertise to consult on a
wide range of IT security needs, enabling clients to establish integrated
security management procedures in order to manage security risk and improve
data, product, and business process reliability.  atsec works with leading
global companies such as IBM, HP, BMW, SGI, Swisscom, RWE, and Vodafone.  For
more information, please visit www.atsec.com.

Media Contact
Lee Higgins, lee@petersgroupPR.com
PetersGroup Public Relations
(512) 794-8600


Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds