Red Hat goes for Common Criteria approval

Paul Harper pjharper at yahoo.com
Tue Oct 4 13:37:09 CDT 2005


I've said this before on the Ubuntuforums. For Ubuntu
or other Debian based systems to get selected for
mission critical tasks it will have to undergo common
criteria certification. A lot of government
departments are NOT ALLOWED to use stuff that is not
certified by the Common Criteria.

The Common Criteria determines a lot of IT purchases
in the OECD. These organisations are part of the
Criteria.

http://www.commoncriteriaportal.org/public/consumer/index.php?menu=6

Otherwise the field will be left to Red Hat and
Novell!


http://www.ictworld.co.za/EditorialEdit.asp?EditorialID=24525

Red Hat goes for Common Criteria approval

Date: Friday, September 30, 2005
	
Issue: One Hundred and Fifty Six (26/09-30/09)
(ICT World)
Category: Global News

	
Matthew Broersma, Techworld.com
Red Hat has joined with IBM and software maker Trusted
Computer Solutions (TCS) to enter Red Hat Enterprise
Linux (RHEL) for evaluation under the Common Criteria
security scheme.

Red Hat expects its upcoming RHEL 5 to achieve
Evaluation Assurance Level 4 (EAL 4), the highest
level generally achieved by commercial software.

 

The Common Criteria is an ISO standard recognised by
more than a dozen national governments, as well as
large businesses with stringent security requirements.
The increasing levels of certification achieved by
Linux distributions are an important milestone for the
platform's maturity, because many organisations cannot
run software that does not have the right
certification.

 

Red Hat says that it is building a number of extra
security features into RHEL 5 that will make it more
secure than any other open source operating system.
"Red Hat Enterprise Linux will join an exclusive
community of trusted operating systems that have
achieved this level of security," says TCS COO, Ed
Hammersla.

 

The companies did not give specifics on the new
security features of RHEL 5, but say that it will
include kernel improvements and Security Enhanced
Linux (SELinux) policy improvements, developed by IBM,
Red Hat, TCS and the Linux developer community. TCS'
technology until now has only run on proprietary Unix
systems. RHEL 5 will not appear until late 2006, but
the features are already available in TCS' commercial
products, the companies say.

 

Red Hat is being evaluated on IBM hardware for three
protection profiles, Labelled Security Protection
Profile (LSPP), Controlled Access Protection Profile
(CAPP), and Role-Based Access Control Protection
Profile (RBAC).

 

Common Criteria  does not itself guarantee that an
operating system is secure, but is rather a
documentation program making it possible for
organisations to verify that software reaches a
certain level of security. Microsoft achieved EAL 4
certification for Windows 2000 in 2003. No open source
software was able to compete at that level until
Novell's SuSE Linux achieved an EAL 4+ rating in
February of this year, after a process also sponsored
by IBM. A year earlier SuSE had beaten Red Hat to EAL
3+ certification.

The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved.
-Confucius


		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com



More information about the sounder mailing list