
Certifications & Accreditations

Overview

Red Hat is committed to providing secure and stable software that can be easily used in security-sensitive environments. We work closely with US Government customers and security specialists to ensure that Red Hat products are certified for government use, and are easily accredited by the appropriate authorities.

Red Hat Enterprise Linux, for instance, is the most certified operating system available today. Throughout its history, Red Hat Enterprise Linux has passed the Common Criteria process 13 times on four different hardware platforms. Red Hat Enterprise Linux 5 has even received Common Criteria certification at Enterprise Assurance Level 4 (EAL 4+) under the Controlled Access Protection Profile (CAPP), Label Security Protection Profile (LSPP) and the Role-Based Access Control Protection Profile (RBACPP), providing a level of security and a feature set that was previously unheard-of from a mainstream operating system.

Our JBoss Enterprise Middleware solutions include support for common middleware security standards, and both the JBoss Enterprise Application Platform and MetaMatrix Data Services Platform are Common Criteria certified at EAL 2+.

You can find a complete matrix of the Red Hat products and standards in the table at the bottom of this page. In addition to these, we offer a number of services to help our government customers meet their requirements.

Red Hat Mailing Lists

US government and contractors may be interested in the Red Hat Government Security mailing list, a moderated forum for Red Hat users in the information assurance and certification/accreditation community:

https://www.redhat.com/mailman/listinfo/gov-sec

Red Hat Security Training and Certifications

Red Hat provides a number of security-specific courses, and also provides a formal certification program for systems engineers working in the security field. For more information about the Red Hat Certified Security Specialist (RHCSS) certification, visit:

https://www.redhat.com/training/security/courses/

Certification and Accreditation Tables


Red Hat Enterprise Linux (RHEL)

Common Criteria EAL 3+/CAPP
  RHEL 4: HP (report, target), SGI (report, target), Unisys (report, target)
  RHEL 5: -
  RHEL 6: -

Common Criteria EAL 4+/CAPP
  RHEL 4: IBM (report, target)
  RHEL 5: -
  RHEL 6: -

Common Criteria EAL 4+/CAPP/RBACPP/LSPP
  RHEL 4: -
  RHEL 5: Dell (report, target), HP (report, target), IBM (report, target), SGI (report, target)
  RHEL 6: -

In Evaluation for Common Criteria
  RHEL 4: -
  RHEL 5: BSI-DSZ-CC-0724, includes virtualization
  RHEL 6: BSI-DSZ-CC-0754, includes virtualization

Directorate of Central Intelligence Directive (DCID) 6/3
  PL3+. See your Red Hat account manager for more details and sign up for the gov-sec mailing list.

DISA Security Technical Implementation Guides (STIG)
  There are many options for meeting the STIG requirements. See your Red Hat account manager for more details and sign up for the gov-sec mailing list.

FIPS 140-2
  NSS (Cert. #814, #815, #1293, #1280)
  The following modules are in evaluation:
  • kernel crypto API
  • libgcrypt
  • openswan
  • OpenSSH Client
  • OpenSSH Server
  • OpenSSL

OVAL
  See the Red Hat Security OVAL Webpage

NISPOM Chapter 8
  See NISPOM Chapter 8 Knowledge Base Article

Section 508 Accessibility
  RHEL 4: VPAT for RHEL 4
  RHEL 5: VPAT for RHEL 5
  RHEL 6: VPAT for RHEL 6

Red Hat Identity and Management Products

Common Criteria EAL 4+
  Red Hat Certificate System: EAL4+
  Red Hat Network Satellite Server 5: -

Section 508 Accessibility
  Red Hat Certificate System: -
  Red Hat Network Satellite Server 5: VPAT for RHN Satellite Server 5

JBoss Middleware

Common Criteria EAL 2 augmented by ALC_FLR.3
  MetaMatrix Data Services Platform v5.5.3: EAL2
  JBoss Enterprise Application Platform (EAP) v4.3: EAL2