Red Hat Enterprise Linux 7.6 has achieved Common Criteria Certification as well as Commercial Solutions for Classified (CSfC) Status.
According to the company, these validations show Red Hat’s commitment to supporting customers that use the world’s leading enterprise Linux platform for critical workloads in classified and sensitive deployment scenarios.
For Common Criteria, Red Hat Enterprise Linux 7.6 was certified by the National Information Assurance Partnership (NIAP), with testing and validation completed by Acumen Security, a U.S. government-accredited laboratory.
The platform was tested and validated against the Common Criteria Standard for Information Security Evaluation (ISO/IEC 15408) against version 4.2.1 of the NIAP General Purpose Operating System Protection Profile and is the latest Red Hat Enterprise Linux version to appear on the NIAP Product Compliant List.
Additionally, Red Hat Enterprise Linux 7.6 is now an approved TLS Protected Server component for Commercial Solutions for Classified (CSfC) solutions and is included in the CSfC TLS Protected Servers Components List.
This program enables commercial products to be used in layered solutions protecting National Security System (NSS) data.
Previously, Red Hat Enterprise Linux operating systems were certified at EAL4+. The treaty that enables countries to recognize certifications across borders now includes a new Common Criteria Recognition Arrangement that only recognizes up to EAL2.
This treaty also rewrote Protection Profiles across products to be very specific about individual product requirements, documentation and testing procedures. It is now expected that a solution either meets the Protection Profile exactly or does not.
Red Hat Enterprise Linux 8.1 is now officially “In Evaluation” for Common Criteria certification as well.