
RHEL 5 going for Common Criteria EAL 4 rating

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 19:37 UTC (Tue) by ncm (guest, #165)
In reply to: RHEL 5 going for Common Criteria EAL 4 rating by drag
Parent article: RHEL 5 going for Common Criteria EAL 4 rating

"it should make it much easier to get government contracts in many situations."

That's the entire point. This isn't about security, this is about getting Free Software into the bidding pool. Unfortunately a certified RHEL wouldn't give anybody (except RH themselves) a bidding advantage, unless the bid were on a lot more than just the hardware and OS.



RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 19:55 UTC (Tue) by bojan (subscriber, #14302) [Link] (2 responses)

> Unfortunately a certified RHEL wouldn't give anybody (except RH themselves) a bidding advantage

Maybe you haven't heard, but RHEL is an open source operating system. You are free to take the code (that's already been certified) and run certification for your own flavour you're building from it. I reckon that's a huge advantage for *all* Linux distros, not just Red Hat.

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 29, 2005 4:03 UTC (Thu) by lutchann (subscriber, #8872) [Link] (1 responses)

The whole product is certified, not just chunks of code. Having RHEL certified will make it easier for other vendors to get certified (although there's a lot to the certification package which won't be available under an open source license, particularly documentation) but any individual components you extract and put in another similar-but-slightly-different environment will have no special status whatsoever.

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 29, 2005 5:30 UTC (Thu) by bojan (subscriber, #14302) [Link]

Of course, but consider this. If you are building an OS and want it EAL 4 certified, does the fact that Windows is certified help you? Not much. If you are building an open source operating system, maybe even based on RHEL5 source, does the fact that it is certified help you? A lot more - you have the same source!

For instance, if CentOS wanted to certify their version 5, it would be much easier for them to do so (in terms of work required) once RHEL5 gets certified. No proprietary OS can claim the same. In other words, even in the certification space, the barrier to entry is reduced through open source.

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 22:28 UTC (Tue) by veillard (guest, #31604) [Link] (2 responses)

Hi ncm :-)

I think the certification is only for specific software on a specific
hardware platform, so in a sense this is limited. But this is still a
very important step to see *one* Linux distro get there.

DV

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 27, 2005 22:37 UTC (Tue) by drag (guest, #31333) [Link] (1 responses)

Well, I bet you'd be happy to know that Suse has had an EAL4 certification for some time now. :)

see:
http://www.heise.de/english/newsticker/news/56451

RHEL 5 going for Common Criteria EAL 4 rating

Posted Sep 29, 2005 19:57 UTC (Thu) by kweidner (guest, #6483) [Link]

This is different: the SUSE evaluation used the CAPP profile (same as the MS Windows evaluation mentioned here), and the new RH evaluation will be adding LSPP and RBAC for mandatory access control and role-based security, making it comparable to Trusted Solaris and similar systems.

FYI, you can get the official lists of evaluated products and products in evaluation directly, no need to dig for old press releases ;)

Mandatory Access Control (MAC) means that the OS enforces restrictions and users can't override them. For example, you can't copy a file marked "secret" to an insecure device even if you own the file. By contrast, users can change the standard filesystem permissions (aka Discretionary Access Control or DAC) and give read or write access to others for files they own.

MAC is potentially interesting even outside government environments since it can protect against malicious software - for example it could ensure that your web browser cannot read your financial data even if an attacker has full control over it due to a security flaw.
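
The MAC/DAC distinction described in the comment above, as an added example that is not part of the original thread: a simplified access-decision model in which a copy must pass both the owner-controlled DAC check and a label check. The Bell-LaPadula-style rule (no read up, no write down) is an assumption, since the thread names no policy model, and the users, objects and levels are constructed.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "secret": 1}  # constructed labels; higher = more sensitive

@dataclass
class Obj:
    name: str
    owner: str
    level: str  # MAC label: set by policy, not changeable by the owner
    readers: set = field(default_factory=set)  # DAC list, owner-controlled
    writers: set = field(default_factory=set)

@dataclass
class Subject:
    user: str
    level: str  # label the process runs at

def dac_grant(obj, actor, user, mode):
    """DAC: the owner, and only the owner, may extend access to others."""
    if actor != obj.owner:
        return False
    (obj.readers if mode == "read" else obj.writers).add(user)
    return True

def dac_allows(subj, obj, mode):
    acl = obj.readers if mode == "read" else obj.writers
    return subj.user == obj.owner or subj.user in acl

def mac_allows(subj, obj, mode):
    """Label rule users cannot override: no read up, no write down."""
    s, o = LEVELS[subj.level], LEVELS[obj.level]
    return s >= o if mode == "read" else s <= o

def can_copy(subj, src, dst, enforce_mac):
    """A copy is a read of src plus a write to dst by the same subject."""
    checks = [(src, "read"), (dst, "write")]
    if not all(dac_allows(subj, o, m) for o, m in checks):
        return False
    return not enforce_mac or all(mac_allows(subj, o, m) for o, m in checks)

def demo():
    report = Obj("report.txt", owner="alice", level="secret")
    usb = Obj("usb-stick", owner="alice", level="public")
    alice, bob = Subject("alice", "secret"), Subject("bob", "public")
    shared = dac_grant(report, "alice", "bob", "read")  # owner shares the file
    return {"owner_shared": shared,
            "copy_dac_only": can_copy(alice, report, usb, False),
            "copy_with_mac": can_copy(alice, report, usb, True),
            "bob_read_dac": dac_allows(bob, report, "read"),
            "bob_read_mac": mac_allows(bob, report, "read")}
```

With DAC alone the owner's copy to the public device and the owner's grant to bob both succeed; with the label check enforced, both the copy and bob's read are refused even though the owner consented.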


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds