Software
HP earns Common Criteria certification for Red Hat Linux on its hardware
U.S. government procurement requires security program
HP says a broad range of its computer hardware running Red Hat Enterprise Linux 5 has been examined and certified as compliant under the international Common Criteria product-evaluation program backed by the U.S. government and sometimes required for government technology acquisitions.
Related links
Clear Choice test: Red Hat’s Enterprise Linux 5
3/14/07
Story tools
Sponsored by:
E-Mail article
|
|
Print article
|
|
Contact author
|
|
AIM article
|
del.icio.us |
Reddit
|
Digg
|
Stumble
|
Slashdot It!
|
HP’s Integrity, ProLiant, and BladeSystem platforms, as well as workstations and desktops, have received the Evaluation Assurance Level 4 (EAL4+) Common Criteria security certification for Red Hat Enterprise Linux 5, the version of the operating system released last March. EAL4+ is the highest level of security that unmodified commercial software can achieve. Higher rankings to level 7 typically involve highly customized systems designed for maximum-security government purposes.
However, Erik Lillestolen, program manager for open source and Linux at HP, noted that the Xen-based technology for virtualization that’s part of Red Hat Linux 5, was not tested under the Common Criteria program.
“Nobody has included the virtualization technology yet,” he added about the Common Criteria security-evaluation program, which is backed by several countries as a multinational testing regimen.
HP submitted its computer gear for evaluation at Atsec, a certified lab under the U.S. government program known as the National Information Assurance Partnership (NIAP), a collaborative effort among the National Institute of Standards and technology (NIST) and the National Security Agency (NSA) which administers the Common Criteria program in the United States.
The EAL4+ certification level for unmodified commercial products assures that they work with security “profile” requirements, such as the Controlled Access Protection Profile, the Role-based Access Control protection Profile and the labeled Security protection profile. Lillestolen noted that the lab review entailed an inspection of source code and evaluation of how software performed on hardware platforms.
| Use this form to start a public discussion with other Linux World users on this article. Log In | Register for an account (Why you should) |
Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."
*Anonymous comments will only appear once they are approved by the moderator.
• Dell puts Linux and Atom in Vostro PCs
• Mozilla names best Firefox 3 add-ons
• Torvalds: Fed up with the 'security circus'
• Dell Latitude ON - big win for Linux
• Open source advocates hail appeals court ruling
LinuxWorld Conference and Expo San Francisco, August 4-7, 2008.
Linux Plumbers Conference Portland, OR, Sept. 16-19, 2008.
FreedomHEC Santa Monica, November 8-9, 2008.