|
|
From FIPS 140-3 to Common Criteria to DISA STIGs, Red Hat is constantly pursuing the next iteration of compliance for our customers. Red Hat’s mission has long been to bring community innovation to enterprise organizations, packaged in a hardened, production-ready form. This isn’t just about packaging and testing, however; we take extra steps to bring these emerging capabilities in-line with some of the most stringent secure computing standards and requirements in the world. Innovation by itself isn’t enough for public sector agencies or the companies that serve these organizations. Instead, open innovation must be paired with a proven commitment driving security-enhanced computing. This isn’t a one-off effort for Red Hat, nor do we only pursue a single validation at a time.
We consider standards compliance as a continuum, with dozens of efforts in flight at any given time. These pursuits take months, if not years, to achieve, especially as platforms grow in complexity and scope. With so many compliance efforts active, we Canada Mobile Database wanted to provide a snapshot of some of these key projects to highlight our continued commitment to enabling secure, compliant computing in the public sector. Common Criteria A globally accepted standard, Common Criteria provides assurance that the processes around an IT product, from vendor claims to testing, prove that it truly does meet the needs of security-conscious computing. Red Hat Enterprise Linux (RHEL), the world’s leading enterprise Linux platform, forms the foundation of our Common Criteria efforts. Both RHEL 8.6 and RHEL 9.0 are now certified for Common Criteria, and are posted on the NIAP Product Compliant List. We are currently in the process of planning the next RHEL release to receive Common Criteria certification.
We are also extending the hardware platforms that we use for Common Criteria validation by adding IBM Z15 to our RHEL 8.6 certification and IBM Z16 and IBM Power 10 for RHEL 9.0 certification. Federal Information Processing Standards (FIPS) FIPS 140-2 and 140-3 provide validation that the cryptographic tools in a given piece of software are implementing their respective algorithms properly. Because many Red Hat products use the same cryptographic binaries, a single certification can carry through to other Red Hat products and product versions with an unmodified binary. Given the wide range of choices that our customers have with RHEL, we will continue to submit versions of both RHEL 8 and RHEL 9 for FIPS review. For RHEL 8, we also remain committed to both FIPS 140-2 and FIPS 140-3 evaluations, as FIPS 140-2 will continue to be viable until September 21, 2026. The RHEL 8.6 OpenSSL certificate has been issued, and IBM z15, IBM Power 9 and IBM Power 10 have been added as validated hardware for RHEL 8 FIPS certifications.
|
|
发表于 2024-2-29 16:45:26