Red Hat gets RHEL 8.2 certified for high level US government security

Linux slinger's gear can now look after ███ ███ ███ in secure ███ ███

Linux slinger Red Hat has achieved Common Criteria certification for Red Hat Enterprise Linux 8.2.

This means it is cleared as a platform suitable for US users with critical workloads in classified and sensitive deployments, including national security agencies, finance and healthcare organizations.

According to Red Hat, RHEL 8.2 was certified by the National Information Assurance Partnership (NIAP), an American government program that oversees evaluation and validation of commercial off-the-shelf (COTS) IT products for conformance to the international Common Criteria requirements. Actual testing and validation was completed by Acumen Security, a laboratory accredited by the US government.

Common Criteria certification itself is designed to provide a level of assurance to users that a particular product meets security criteria for specific compute environments. Rigorous testing by a qualified independent third party is a key part of this process.

RHEL 8.2 was validated against the Common Criteria Standard for Information Security Evaluation (ISO/IEC 15408) using version 4.2.1 of the NIAP General Purpose Operating System Protection Profile, including Extended Package for Secure Shell (SSH), version 1.0.

This version of Red Hat Enterprise Linux was released in April 2020, perhaps giving an indication of the level of testing necessary to achieve Common Criteria certification (CCC). It is, however, only the latest release of the platform to be accredited.

Clara Conti, Red Hat VP and general manager for North America Public Sector, said the certification of RHEL 8.2 "shows our continued commitment to making Red Hat Enterprise Linux a platform ... [that] serves as the backbone for critical and security-sensitive operations."

Meanwhile, Red Hat recently announced a beta release of RHEL 8.6, which showcases the new features coming in the production release of the platform, as usual.

This includes more system roles to streamline RHEL configuration for common tasks, such as a High Availability Cluster role, with automated tooling to standup high availability clusters using prescriptive use case scenarios and topology recommendations. There is also a Firewall System role and a System Role for web console, which automates the installation and configuration of the RHEL web console.

Last year, Red Hat also released an early beta for Red Hat Enterprise Linux 9, which is based on Linux kernel version 5.14 and provides a preview of the next major update of RHEL.

Red Hat customers can directly access the Red Hat Enterprise Linux Betas from the Red Hat Enterprise Linux Customer Portal.

Last month, Red Hat's owner, IBM, spilled the beans on its long term strategy behind the decision to purchase the Linux distributor. Spoiler: it is the OpenShift application platform. ®

Similar topics

Broader topics

Narrower topics

Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022