Red Hat, the world''s leading provider of open source solutions
to the enterprise today announced new accomplishments
as well as a two-year roadmap for security in Red Hat
Enterprise Linux. Work to achieve government security
standards, security certifications and work with the NSA-developed
SELinux lead the list of security initiatives planned
by Red Hat. Red Hat''s goal is to advance industry security
standards and simplify security for customers.
its availability in 2002, Red Hat Enterprise Linux has
achieved important milestones in security standards:
2003 Red Hat Enterprise Linux was the first Linux
platform to achieve Department of Defence (DoD) Defence
Information Systems Agency (DISA) Common Operating
Environment (COE) certification.
February 2004 Red Hat Enterprise Linux was awarded
Common Criteria Evaluation Assurance Level (EAL) 2
February 2004 Red Hat received Mitre certification
for Common Vulnerabilities and Exposures (CVE) compatibility
for Security Advisories.
EAL 2 Certification and Plans for EAL 3 and 4
Last quarter Red Hat Enterprise Linux v. 3 was awarded
Common Criteria Evaluation Assurance Level (EAL) 2 certification
by the UK IT Security Evaluation and Certification Scheme.
The evaluation is in compliance with the U.S. government''s
security policy directives. The Common Criteria Scheme
enables consumers to obtain an impartial assessment
of an IT product by an independent lab. This impartial
assessment, or security evaluation, includes an analysis
of the IT product and the testing of the product for
conformance to a set of security requirements. Security
standards play a critical role in today''s computing
architecture and Red Hat is working to achieve higher
levels of security evaluation with EAL 3 and 4 certification
in future releases of Red Hat Enterprise Linux.
sponsored and worked with Red Hat to submit Red Hat
Enterprise Linux for the EAL 2 security evaluation.
Red Hats completion of the Common Criteria
evaluation at EAL2 allows security-conscious customers
to be assured of using a secure operating system to
run their enterprise applications, said Mary Ann
Davidson, chief security officer, Oracle Corp.
A second security accomplishment for Red Hat is the
certification from Mitre for Common Vulnerabilities
and Exposures (CVE) compatibility for Security Advisories.
CVE aims to standardise the names for all publicly known
vulnerabilities and security exposures to simplify security
practices. Red Hat is the first Linux vendor to be awarded
this certification for security standards.
Most recently made available in March as part of Fedora
Core 2, test 2, Security Enhanced Linux is the most
significant milestone in Red Hat''s security roadmap
for Red Hat Enterprise Linux. Benefits to customers
with an implementation of SELinux will be reduced risk
and exposure to many of the common security vulnerabilities
as well as system access control at a much more granular
level. SELinux will be fully integrated and available
in Red Hat Enterprise Linux v. 4 in early 2005.
certifications and compliance with standards are top
priorities for Red Hat and are key drivers of innovation.
said Paul Cormier, executive vice president of
Red Hat. We are committed to industry standards
and will continue to drive acceptance and adherence
of standards, leading by example.