decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


To read comments to this article, go here
RH's Linux Achieves CAPP/EAL3+ Certification on All IBM eServer Systems
Thursday, August 19 2004 @ 12:55 PM EDT

Things have been so busy with motion practice, I missed this press release from IBM and Red Hat from the first day at LinuxWorld, and it's important to have as part of our collection, so we're prepared for the FUD about open source and security. It's also important for people to know, in government and in business, that this level of security certification is now achievable on GNU/Linux systems.

This quotation from the Department of Defense says it all:

"'The Department of Defense commends IBM and Red Hat for their recent Common Criteria evaluation of Red Hat Enterprise Linux 3,' said Gary Zelanko, Chief, Enterprise Integration Advanced Analysis Laboratory, Department of Defense. 'Meeting the EAL3 security standard gives the U.S. Department of Defense a greater assurance level when using commercial technology to build secure information systems for the federal government. We appreciate the significant effort that IBM and Red Hat have undertaken to comply with this international standard and their ongoing commitment to achieving even higher assurance levels.'"

Here is the press release.

*************************

IBM and Red Hat Achieve Common Criteria Security Certification Across All IBM eServer Systems

SAN FRANCISCO, CA -- Aug 3, 2004 -- In a move expected to further enable the adoption of Linux by businesses and governments around the world, Red Hat and IBM today announced they have achieved a new level of security certification for Red Hat across IBM servers.

The announcement was made at the opening of LinuxWorld in San Francisco.

Red Hat Enterprise Linux 3, Update 2 on IBM eServers has achieved Controlled Access Protection Profile compliance under The Common Criteria for Information Security Evaluation (CC), commonly referred to as CAPP/EAL3+. Today's CAPP/EAL3+ achievement crosses the IBM eServer product line, with Red Hat Enterprise Linux WS on xSeries, and Red Hat Enterprise Linux AS on xSeries, iSeries, pSeries, zSeries as well as Opteron-based systems.

"The Department of Defense commends IBM and Red Hat for their recent Common Criteria evaluation of Red Hat Enterprise Linux 3," said Gary Zelanko, Chief, Enterprise Integration Advanced Analysis Laboratory, Department of Defense. "Meeting the EAL3 security standard gives the U.S. Department of Defense a greater assurance level when using commercial technology to build secure information systems for the federal government. We appreciate the significant effort that IBM and Red Hat have undertaken to comply with this international standard and their ongoing commitment to achieving even higher assurance levels."

The Common Criteria (CC) is an internationally recognized ISO standard (ISO/IEC 15408) used by the Federal government and other organizations to assess security and assurance of technology products. The CC provides a standardized way of expressing security requirements and defines the respective set of rigorous criteria by which the product will be evaluated. It is widely recognized among IT professionals, government agencies, and customers as a seal of approval for mission-critical software.

Under Common Criteria, products are evaluated against strict standards for various features, such as the development environment, security functionality, the handling of security vulnerabilities, security related documentation and product testing.

"Red Hat Enterprise Linux has become a standard platform in governments around the world," said Brian Stevens, vice president of Operating Systems Development at Red Hat. "Achieving this latest certification underscores the position of Linux in environments that demand high levels of security. We look forward to working with IBM to expand government deployments of Red Hat Enterprise Linux."

"Today's announcement that Red Hat has achieved a new level of Common Criteria certification is another validation of the high level of security Linux is delivering to businesses and governments alike," said Jim Stallings, general manager, Strategic Growth Initiatives, IBM. "This certification will further drive Linux into the heart of the enterprise and ensure that it is increasingly used in mission critical environments."

CAPP/EAL3+ certification of Linux requires exhaustive testing and review and expands both the functional capabilities and confidence in Linux security. This is achieved through the addition of an auditing subsystem in Red Hat Enterprise Linux 3 that provides auditing of security critical events and through security functions that protect network transmitted data.

The evaluation was completed by atsec information security GmbH, one of the world's leading vendor-independent IT security consulting companies, and accredited in Germany by the Federal Office for Information Security (BSI).

In addition to CAPP/EAL3+ certification, Red Hat and IBM are committed to working in partnership to obtain CAPP/EAL4+ certification for Red Hat across IBM's entire eServer product family.

IBM and Red Hat are committed to supporting the development and certification of Linux and will make available to the open source development community key components of the Common Criteria evaluation.

IBM plans to continue to invest in ongoing certifications for new and existing IBM products. z/VM V5.1, IBM's premier virtualization technology with the RACF for z/VM optional feature, is in evaluation for Common Criteria certification to conform to the requirements of the Labeled Security Protection Profile (LSPP) and the Controlled Access Protection Profile (CAPP), both at EAL3+. z/VM helps enable mainframe customers to run tens to even hundreds of instances of the Linux operating system on a single IBM zSeries server.

z/OS 1.6 with the RACF optional feature, is also in evaluation for Common Criteria certification to conform to the requirements of the LSPP and the CAPP, both at EAL3+. z/OS, IBM's flagship mainframe operating system, provides Labeled Security Protection with multilevel security support. Designed together with DB2 Version 8, this support can provide row-level security labeling in DB2 and protection in z/OS, designed to meet the stringent security requirements for multi-agency access to data.

IBM's suite of middleware products are also in line for Common Criteria certification on Linux. Common Criteria certifications have been awarded to IBM Directory Server, Tivoli Access Manager, and WebSphere MQ. Many other IBM Software products are now in evaluation for Common Criteria certification. Additional IBM Software products are being prepared to enter the evaluation process.

For more information about our current certifications, visit http://www-3.ibm.com/security/standards/st_evaluations.shtml

About Red Hat, Inc.
Red Hat, the world's leading open source and Linux provider, is headquartered in Raleigh, NC with satellite offices spanning the globe. Red Hat is leading Linux and open source solutions into the mainstream by making high quality, low cost technology accessible. Red Hat provides operating system software along with middleware, applications and management solutions. Red Hat also offers support, training and consulting services to its customers worldwide and through top-tier partnerships. Red Hat's Open Source strategy offers customers a long term plan for building infrastructures that are based on and leverage open source technologies with focus on security and ease of management. Learn more: http://www.redhat.com

About IBM
IBM is the world's largest information technology company, with 80 years of leadership in helping businesses innovate. Drawing on resources from across IBM and key IBM Business Partners, IBM offers a wide range of services, solutions and technologies that enable customers, large and small, to take full advantage of the new era of e-business. For more information about IBM and Linux, visit www.ibm.com/linux.


  View Printable Version


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )