Although it is still a year away from being released, Red Hat Enterprise Linux 5 is already on the path toward EAL4 certification.
The new certification will raise the bar for Government security deployments for Red Hat’s flagship Linux product.
Red Hat’s bid for EAL4 certification is being sponsored by IBM and Trusted Computer Systems, Inc. (TCS). EAL 4 certification is a security evaluation of the Common Criteria Evaluation & Validation Scheme (CCEVS) that is operated by The National Information Assurance Partnership (NIAP).
According to Red Hat and its sponsors, Red Hat Enterprise Linux 5 (RHEL 5) began its path to certification this month. RHEL 4 is currently EAL 3 certified. Red Hat’s principal Linux competitor, Novell SUSE Linux Enterprise Server 9, has been EAL 4 certified since February. Successful EAL4 certification will mean that RHEL 5 “meets government security standards for assured information sharing within and across government agencies.”
The EAL 4 certification is initially being evaluated on IBM’s xSeries, pSeries, zSeries and BladeCenter. Red Hat spokesperson Leigh Day told internetnews.com that Red Hat will pursue certification on other platforms and architectures, though Red Hat has no further details at this time about such certifications.
“EAL 4 certification is another milestone of Red Hat’s ‘Security in a Networked World’ strategy,” Day explained. “We continue to work to make sure that security is built into the platform, not considered as an afterthought when something bad happens. The security of our platform drives value for our customers.”
RHEL 4 was released this past February , and RHEL 5 isn’t expected until late 2006 following an 18 month interval between releases. Though RHEL 5 does not yet exist, Trusted Computer Systems (TCS) cross domain security applications are available and RHEL 5 is set to be the first Linux distribution with TCS’s capabilities.
“This is an application available from TCS where the technology is previewed and can run on Red Hat Enterprise Linux v. 4,” Day explained. “The technology is also available to preview in Fedora.”
Day added that TCS is the company that helped to enhance the kernel and SELinux to qualify for the new level of certification coming in Red Hat Enterprise Linux v. 5.
Red Hat is currently in process for the certification with no exact completion date.
“We will work to have this certification at or before the time Red Hat Enterprise Linux v. 5 is launched,” Day said.
With a year to go until RHEL 5 is released it’s still somewhat early to know what the major enhancements will be included in Red Hat’s next release.
“Security is the first Red Hat Enterprise Linux v. 5 priority we are disclosing,” Day said. “Other technologies currently in development as part of the Fedora Project will be discussed in the future as we get closer to availability.”
Corrects headline to clarify that RHEL 4 certification