Red Hat Enterprise Linux KVM has been awarded the Common Criteria Certification at Evaluation Assurance Level (EAL) 4+ – the highest level of assurance for an unmodified commercial operating system – for the Operating System Protection Profile (OSPP) including extended modules for Advanced Management, Advanced Audit, Labeled Security, and Virtualization for Red Hat Enterprise Linux 6 on Dell, HP, IBM and SGI hardware.
In addition, Red Hat announced separately that Red Hat Enterprise Linux 6 has met the National Institute of Standards and Technology’s USGv6 evaluation requirements.
The Common Criteria is an internationally recognized set of standards used by the federal government and other organizations to assess the security and assurance of technology products. In the Common Criteria scheme, EAL represents the depth and rigor of the evaluation, giving consumers the confidence that products specified at a specific level meet the package of security assurance requirements associated with that level. This certification provides government agencies, financial institutions, and customers in other security-sensitive environments the assurance that Red Hat Enterprise Linux 6 meets government security standards. Red Hat Enterprise Linux 6 features Security-Enhanced Linux (SELinux), a joint project developed with the National Security Agency (NSA). This Common Criteria certification provides assurance that using Red Hat Enterprise Linux 6 with the KVM hypervisor allows providers to host many tenants on the same machine while keeping their virtual guests separated from each other using Mandatory Access Control technology developed by the NSA.
Red Hat’s announcement that Red Hat Enterprise Linux 6 has met the National Institute of Standards and Technology’s USGv6 evaluation requirements gives United States government agencies confidence that, as they make the migration to Internet Protocol Version 6 (IPv6), Red Hat Enterprise Linux 6 conforms with the USGv6 Host profile. Under the USGv6 profile, all IT network vendors must provide a Suppliers Declaration of Conformity (SDOC) for USGv6 to be considered for any new government IT purchases. While the move to IPv6 is now critical for U.S. government agencies with the exhaustion of IPv4 addresses, IPv6 also enables government networks to scale for new initiatives, including cloud computing, broadband, and smart grid. To declare conformance, Red Hat fulfilled USGv6 requirements by completing the prescribed product development for IPv6 conformance and interoperability testing for Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 achieved conformity after rigorous testing by the University of New Hampshire’s InterOperability Laboratory (UNH-IOL), one of two accredited third-party labs approved for USGv6 testing.
For more information about the security certification, go here and for more information about the NIST USGv6 conformity, go here.