Red Hat Enterprise Linux 5 has been given a big boost after receiving a new top-end government security certification. Red Hat Enterprise Linux on IBM servers now meets government security standards allowing Linux to be used in homeland security projects, command-and-control operations, and throughout government agencies that previously were limited to a select few other operating systems.
After a year and a half of testing, IBM has been able to get RHEL5 certified for Evaluation Assurance Level 4 (EAL 4+) for Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile (CAPP), and Role-Based Access Control Protection Profile (RBAC) certification, making it the first open source operating system to attract EAL 4+ certification and putting it on equivalence with Sun’s Solaris.
“This is the highest level of security function that anybody has,” Dan Frye, vice president of open systems with IBM told IDG’s news service.
RHEL5 was certified by the National Information Assurance Partnership's (NIAP) Common Criteria Evaluation and Validation Scheme for IT Security program, a government-funded body in the US and while Linux has already been EAL4 certified, an open source OS has not until now received an LSPP certification for access controls.
“Historically, OS vendors have required you buy a separate branched OS to get something that is LSPP and RBAC certified,” wrote Red Hat in a statement. “This is something completely unique for commercial operating systems because the support for multilevel security is native to the OS.”
RHEL5 being the first open source OS to achieve EAL 4+ certification is a significant milestone for the open source community, as it shows that open source software is coming of age and can be trusted in the most demanding and secure environments.