Thanks to Andreas Fabis for sending this in to us. atsec information security is pleased to announce the successful Common Criteria Certification of Red Hat Enterprise Linux Version 5.3 at EAL 4 (augmented for flaw remediation) with the Controlled Access Protection Profile (CAPP). Under Common Criteria, products are evaluated against strict standards for various features, including security functionality, development environment, security vulnerability handling, documentation of security-related topics, and product testing.

The evaluation covers a potentially distributed, but closed, network of Dell 11th Generation PowerEdge servers running the evaluated version of Red Hat Enterprise Linux and also includes the evaluated version of Red Hat Enterprise Linux running under Xen on the Dell 11th Generation PowerEdge servers. The cryptography provided by OpenSSL, which is used by security-enforcing components, was tested using the Cryptographic Algorithm Validation Program (CAVP) established by NIST. This validation demonstrates the compliance of the OpenSSL cryptographic algorithms with a reference implementation.

The certification of Red Hat Enterprise Linux Version 5.3 through NIAP’s Common Criteria Evaluation and Validation Scheme (CCEVS) adds another open-source operating system to atsec's portfolio of more than 60 OS evaluations during the course of the last decade. Staff members at atsec have extensive experience with ITSEC and Common Criteria — some dating back to the 1980's.

The evaluation technical report and the certificate will be available on the NIAP web site and also on the Common Criteria portal:

About atsec information security
atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in January 2000 and has extensive international operations with offices in the US, Sweden, the UK, and China. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, RWE, and Wincor-Nixdorf.