IBM (NYSE: IBM) und Red Hat (NYSE: RHT) haben eine neue Sicherheitszertifizierung für “Red Hat Enterprise Linux 5” vorgestellt, die den weltweiten Einsatz von Linux in Unternehmen und öffentliche Einrichtungen stärker voranbringen kann.
Durch dieses Zertifikat hebt sich das Betriebssystem von anderen vergleichbaren Mainstream-Betriebssystemen ab und bietet dem Anwender das aktuell höchste verfügbare Sicherheitsniveau im Bereich vergleichbarer Mainstream-Betriebssysteme.
Die heutige Ankündigung bestätigt, dass “Red Hat Enterprise Linux” auf IBM Servern die Sicherheitsstandards der US-Regierung erfüllt und in US-Homeland-Sicherheitsprojekten, Command-And-Control-Operationen und bei US-Behörden eingesetzt werden kann. Dort war in der Vergangenheit der Einsatz nur weniger anderer Betriebssysteme möglich. Die aktuelle Zertifizierung vermittelt “Red Hat Enterprise Linux” auf IBM Servern eine Position ganz weit vorn in Sachen Sicherheit unter den Mainstream-Betriebssystemen zu.
Red Hat Enterprise Linux auf IBM Systemen wurde von der “National Information Assurance Partnership for Common Criteria Evaluation & Validation Scheme” unter Berücksichtigung des “Evaluation Assurance Level 4” (EAL4+) für “Labeled Security Protection Profile” (LSPP), “Controlled Access Protection Profile” (CAPP) und “Role-Based Access Control Protection Profile” (RBAC) freigegeben.
Dies ist die erste Common Criteria-Zertifizierung für eine Linux-Distribution auf diesem weltweit anerkannten hohen Sicherheitsniveau.
Die Prüfungskriterien (“Common Criteria”) bestehen aus international anerkannten Standards, die von der US-Regierung und anderen Organisationen zur Bewertung der Sicherheit technischer Produkte verwendet werden. Verschiedene Produkt-Features wie die Entwicklungsumgebung, Sicherheitsfunktionalität, der Umgang mit Sicherheitslücken, sicherheitsnahen Dokumenten oder Produkttests, werden anhand strenger Kriterien evaluiert.
Die Zusammenarbeit von IBM und Red Hat verankert die RHEL-5-Zertifizierung auf multiplen Plattformen, um die Auswahl und den Nutzwert für Kunden zu maximieren. RHEL-5 ist auf verschiedenen IBM Server-Brands, wie dem System x, System p, System z und dem BladeCenter zertifiziert. Die Server-Produktlinie von IBM bietet Kunden hohe Leistung zusammen mit Flexibilität, einer Auswahl an Lösungen, Skalierbarkeit, Zuverlässigkeit und Sicherheit.
Weitere Informationen in der original Presseinformation anbei.
IBM and Red Hat Achieve Highest Security Certification for Linux on IBM Servers
Red Hat Enterprise Linux 5 on IBM Systems Receives Common Criteria Seal of Approval Required for Implementation by U.S. Government Agencies
ARMONK, NY & RALEIGH, NC – 18 Jun 2007: IBM (NYSE: IBM) and Red Hat (NYSE: RHT), the world’s leading provider of open source solutions, today announced a new security certification for Red Hat Enterprise Linux 5 that is expected to further drive the adoption of Linux among businesses and governments worldwide. With the certification, no mainstream operating system in the world offers a higher level of security certification.
Today’s announcement confirms that Red Hat Enterprise Linux on IBM servers now meets government security standards allowing Linux to be used in homeland security projects, command-and-control operations, and throughout government agencies that previously were limited to a select few other operating systems. This latest certification ensures that Red Hat Enterprise Linux running on IBM servers is now second to none in security among mainstream operating systems.
Red Hat Enterprise Linux on IBM systems, supporting applications such as those developed by Trusted Computer Solutions, Inc., a leading supplier of cross domain solutions for industry and government, has been approved by the National Information Assurance Partnership for Common Criteria Evaluation & Validation Scheme at Evaluation Assurance Level 4 (EAL4+) for Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile (CAPP), and Role-Based Access Control Protection Profile (RBAC).
This marks the first Common Criteria certification for a Linux distribution at this globally recognized advanced level of security and assurance, which means Red Hat Enterprise Linux on IBM systems now meets government security standards for assured information sharing within and across government agencies. Red Hat Enterprise Linux is now positioned to provide best-of-breed security capabilities for commercial operating systems, offering government agencies and businesses alike an unprecedented choice for secure applications.
Red Hat Enterprise Linux 5, which was released for general availability earlier this year, contains kernel and Security Enhanced Linux (SELinux) policy features developed through a significant open community effort with IBM, and the participation from other key contributors, including Red Hat, Trusted Computer Solutions, and federal government representatives.
„NSA is pleased that the work of its research organization in the area of secure computing is being used as the foundation for secure solutions in the open community,“ said Richard Mathews, Chief of NSA’s National Information Assurance Research Laboratory. „We are committed to focusing on new technology research and promoting transfer of those technologies to the private sector to improve assurance of NIAP certified commercial products.“
The Common Criteria is an internationally recognized set of standards used by the federal government and other organizations to assess the security and assurance of technology products. Under Common Criteria, products are evaluated against strict standards for various features, such as the development environment, security functionality, the handling of security vulnerabilities, security related documentation and product testing.
Wide Range of Choice for Linux Solutions
IBM and Red Hat have collaborated to ensure certification of RHEL 5 on multiple platforms to maximize choice and value for customers. RHEL 5 is certified on several IBM server brands, including System x, System p, System z, and BladeCenter. IBM’s server product line offers customers industry-leading performance together with application flexibility, solution choice, and outstanding scalability, reliability and security.
„Today’s announcement marks another significant milestone in the evolution of Linux, which is already established as a true enterprise-class system that routinely handles mission-critical applications,“ said Dave McQueeney, IBM Vice President, U.S. Federal. „In our federal government environment, we have the additional requirement for certifications to confirm the integrity of software for the most sensitive applications. We all recognize that Linux is a rock-solid system, with a vibrant and innovative development community, eclipsing many other offerings in common use across federal. Now, by achieving EAL4+ with multilevel security capability, we have further confirmation of the robustness and trustworthiness of Linux, and we expect its impact across federal to accelerate rapidly.“
„Systems security is top of mind for enterprise customers, and especially in the government sector,“ said Paul Cormier Executive Vice President of Engineering at Red Hat. „Red Hat, IBM and TCS have partnered for years to ensure that Red Hat Enterprise Linux is a leading distribution that customers can trust with their most critical and private data.“
About IBM
For more information on IBM and Linux, please visit www.ibm.com/linux.
About Red Hat, Inc.
Red Hat, the world’s leading open source solutions provider, is headquartered in Raleigh, NC with over 50 satellite offices spanning the globe. CIOs have ranked Red Hat first for value in Enterprise Software for three consecutive years in the CIO Insight Magazine Vendor Value study. Red Hat provides high-quality, low-cost technology with its operating system platform, Red Hat Enterprise Linux, together with applications, management and Services Oriented Architecture (SOA) solutions, including the JBoss Enterprise Middleware Suite. Red Hat also offers support, training and consulting services to its customers worldwide. Learn more: http://www.redhat.com.
