IT DRILLDOWN
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion

 CIO Consumer IT

 CIO Leader

 CIO Enterprise

 CIO Insider

 

RSS Feeds »

 
 
LEADERSHIP
 

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 

CIO Executive Council

Public Teleconferences

Join CIO Executive Council members and participate in the following live teleconferences:

* Planning for Succession:
Models for IT Leadership Development, June 23
* Youth in IT: How CIOs Can Engage the Next Generation
June 10
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 
 
 
SUBSCRIBE TO CIO
 

Are you involved in setting the direction for your company's IT budget or strategy?


Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

Reprints »

 
 

News Short

 

Red Hat Linux Gets Top Government Security Rating

 

June 18, 2007 — IDG News Service (San Francisco Bureau) — Red Hat Linux has received a new level of security certification that should make the software more appealing to some government agencies.

Last week IBM was able to achieve EAL4 Augmented with ALC_FLR.3 certification for Red Hat Enterprise Linux, putting it on a par with Sun Microsystems' Trusted Solaris operating system, said Dan Frye, vice president of open systems with IBM.

"This is the highest level of security function that anybody has," Frye said. "We have delivered LSPP functionality in Red Hat Enterprise Linux 5 and we have certified that at the EAL4 level of assurance."

This rating is awarded by the government-funded National Information Assurance Partnership's (NIAP) Common Criteria Evaluation and Validation Scheme for IT Security program, which evaluates the security of commercial technology products.

 
RELATED STORY
 
 

Red Hat Linux has been certified EAL4 Augmented with ALC_FLR.3 on IBM's mainframe, System x, System p5 and eServer systems.

This level of security certification is not usually required for enterprise contracts, but it is mandatory for some programs within government agencies such as the U.S. Department of Defense and the U.S. National Security Agency, Frye said.

Linux had already been certified at the EAL4 level, but this is the first time that the operating system has received the Labeled Security Protection Profile (LSPP) certification, which relates to its access-control features.

Linux developers have been working to add these "SE Linux" access control features into the operating system for several years now. SE Linux shipped as part of Red Hat Enterprise Linux 5, and now it has been certified for government use, Frye said. "You now have a level of fine-grained control for everybody," he added. "You can set security based on groups or based on individuals."

In addition to LSPP, Red Hat Linux has been certified with Role Based Access Control Protection (RBAC), and that too is noteworthy, said Red Hat.

"Historically, OS vendors have required you buy a separate branched OS to get something that is LSPP and RBAC certified," the company said in a statement. "This is something completely unique for commercial operating systems because the support for multilevel security is native to the OS."

According to Frye, the certification is "big news for the Linux industry" because it shows that open-source software can be used for sensitive computing tasks. "If anyone had any doubts that you could do this with an open-source operating system, we've proved them wrong."

Other stories by Robert McMillan

Copyright 2006 IDG News Service, International Data Group Inc. All rights reserved.
 
 
 
 
 
 
Loading...
 
RELATED ARTICLES
 
 
 
 
ABCs
 

How To Do Nearly Anything

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Evolve your data center on proven technology. The Brocade DCX.

Secure your virtual and physical environments with the same software.

Windows Server 2008: To Upgrade or Not to Upgrade?

Research about the efficiencies created by different operating systems.

Global Crossing is the most viable alternative for voice, video and data.

The New Foundation of Storage: Xiotech's Intelligent Storage Element

3M saved $3M on printing. Learn how HP can help your business

Survival of the Fittest: Disaster Recovery Design for the Data Center

Increase conversions on your site with the help of EV SSL.

Data Loss Prevention Starts at the Endpoint

Performance Brief: Mobile Application Acceleration

Strategies for centralizing data backup

Green IT: Reducing Your Carbon Footprint with Citrix

The Best IT Strategy for a Company with Global Operations

Speed, agility, flexibility - The HP BladeSystem c-Class

The Business Value of Symantec Data Center Foundation Solutions

Webcast: Why standardizing your ECM platform is so critical to your success

The PCI Data Security Standard

The Universal Wireless Client: Simplify mobility and reduce the cost of supporting mobile workers

Compliance by the numbers- addressing requirements with online document management and collaboration technology

Video Series: IT Leaders discuss how IT is becoming part of the innovation cycle.

White Paper: Intel IT testing of select multi-core processors results

Architecting A Better Network Storage Solution

Experience the colorful side of business. Visit Frugalcolor.com.

Gene Kim's Practical Steps to Mitigate Virtualization Security Risks

Eliminate network threats and downtime with Juniper Networks. View demo.

Choose a mobile device platform with familiar programs and simplified management

How Office 2007 Exposed Bill Gates

White Paper: Juniper Networks Ethernet Switching Solutions Reduce Operational IT Expenses

Webcast: Research insight into how organizations are using virtualization

3 Reasons to Invest in Integration Technology Now

A CIO's View of Server Virtualization

Let's Get Virtual: A Look at Today's Server Virtualization Architectures

How to simplify mobility and reduce the cost of supporting mobile workers

Extending PCI Compliance to the Mobile Workforce

A proven approach to WAN optimization

Wireless Vulnerability Management: What It Means for Your Enterprise

Wide-area data services enable todays global enterprise

Discover PMI's credentials and career path tools

Symantec State of the Data Center Report

Getting the Most from your Data Protection Solution

Tripwire PCI DSS Solutions: Automated, Continuous Compliance

ITCi White Paper: Challenges and Opportunities of PCI

See why 93 of the Fortune Global 100 depend on Blue Coat.

Taking Document Automation to the Next Level

White Paper: WebMethods Business Process Management Suite

Survey and Whitepaper: Reducing IT Energy Drain for Business Gain

Top 10 Reasons to Go Green in IT

Gaining Transparency in IT Outsourcing

Transforming Virtualization into a Competitive Advantage