CIO Executive Programs
The Leader in Face-to-Face Education for Senior ExecutivesOffering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
CIO Executive Council
Public TeleconferencesJoin CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Youth in IT: How CIOs Can Engage the Next Generation
June 10
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
Are you involved in setting the direction for your company's IT budget or strategy?
Apply today for a FREE subscription to CIO Magazine!
Subscription Services »
Reprints »
News Short
Red Hat Linux Gets Top Government Security Rating
June 18, 2007 — IDG News Service (San Francisco Bureau) — Red Hat Linux has received a new level of security certification that should make the software more appealing to some government agencies.
Last week IBM was able to achieve EAL4 Augmented with ALC_FLR.3 certification for Red Hat Enterprise Linux, putting it on a par with Sun Microsystems' Trusted Solaris operating system, said Dan Frye, vice president of open systems with IBM.
"This is the highest level of security function that anybody has," Frye said. "We have delivered LSPP functionality in Red Hat Enterprise Linux 5 and we have certified that at the EAL4 level of assurance."
This rating is awarded by the government-funded National Information Assurance Partnership's (NIAP) Common Criteria Evaluation and Validation Scheme for IT Security program, which evaluates the security of commercial technology products.
Red Hat Linux has been certified EAL4 Augmented with ALC_FLR.3 on IBM's mainframe, System x, System p5 and eServer systems.
This level of security certification is not usually required for enterprise contracts, but it is mandatory for some programs within government agencies such as the U.S. Department of Defense and the U.S. National Security Agency, Frye said.
Linux had already been certified at the EAL4 level, but this is the first time that the operating system has received the Labeled Security Protection Profile (LSPP) certification, which relates to its access-control features.
Linux developers have been working to add these "SE Linux" access control features into the operating system for several years now. SE Linux shipped as part of Red Hat Enterprise Linux 5, and now it has been certified for government use, Frye said. "You now have a level of fine-grained control for everybody," he added. "You can set security based on groups or based on individuals."
In addition to LSPP, Red Hat Linux has been certified with Role Based Access Control Protection (RBAC), and that too is noteworthy, said Red Hat.
"Historically, OS vendors have required you buy a separate branched OS to get something that is LSPP and RBAC certified," the company said in a statement. "This is something completely unique for commercial operating systems because the support for multilevel security is native to the OS."
According to Frye, the certification is "big news for the Linux industry" because it shows that open-source software can be used for sensitive computing tasks. "If anyone had any doubts that you could do this with an open-source operating system, we've proved them wrong."
Other stories by Robert McMillan
Copyright 2006 IDG News Service, International Data Group Inc. All rights reserved.
| RELATED SOLUTIONS |
Windows Server 2008: To Upgrade or Not to Upgrade?
How Office 2007 Exposed Bill Gates
IDC White Paper sponsored by Microsoft: Improving Desktop Management with Microsoft Desktop Optimization Pack
How Operating Systems Create Network Efficiency
Managed Internal DNS Service with Integrated DHCP Solution
Managed internal DNS/DHCP Service meets the needs and challenges of IT professionals
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
The New "Black Art." Learn why few companies do DNS well. Why fewer can scale it.
Get Rich or Get Thin: The Secure Client Webcast
Managing Virtualization Investments for Optimal Efficiency and Business Value
Protect yourself against internal threats: Reduce risk and liability of data breaches in test and production
Five things the legacy ERP vendors don't want you to know about on-demand ERP
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Windows Coming on Dual-Boot OLPC
Yahoo Tells Icahn That Its Own Board Knows Best
Does Icahn have a Backup Plan?
Wall Street Beat: M&a Stirs 'trendless Market'
Facebook to Google: Friend Disconnect
US Agency to Investigate Semiconductor Patent Complaints
WORLDBEAT - the Connected Home -- While on the Move
Burkina Faso Shea Butter Producers Go High Tech
After 'treasure Hunt,' Hacker Releases IE Attack Code
Good News From Sprint, Covad WiMax Trials
More News »
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
