IBM and Red Hat, a leading provider of open source solutions, have announced a new security certification for Red Hat Enterprise Linux 5 that is expected to further drive the adoption of Linux among businesses and governments worldwide. With the certification, no mainstream operating system in the world offers a higher level of security certification.

The announcement confirms that Red Hat Enterprise Linux on IBM servers now meets government security standards allowing Linux to be used in homeland security projects, command-and-control operations, and throughout government agencies that previously were limited to a select few other operating systems. This latest certification ensures that Red Hat Enterprise Linux running on IBM servers is now second to none in security among mainstream operating systems.

Enterprise Linux, supporting applications such as those developed by Trusted Computer Solutions, Inc., a leading supplier of cross domain solutions for industry and government, has been approved by the National Information Assurance Partnership for Common Criteria Evaluation and Validation Scheme at Evaluation Assurance Level 4 (EAL4+) for Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile (CAPP), and Role-Based Access Control Protection Profile (RBAC).

This marks the first Common Criteria certification for a Linux distribution at this globally recognized advanced level of security and assurance, which means Enterprise Linux now meets government security standards for assured information sharing within and across government agencies. The operating system is now positioned to provide best-of-breed security capabilities for commercial operating systems, offering government agencies and businesses alike an unprecedented choice for secure applications.

Red Hat Enterprise Linux 5, which was released for general availability earlier this year, contains kernel and Security Enhanced Linux (SELinux) policy features developed through a significant open community effort with IBM, and the participation from other key contributors, including Red Hat, Trusted Computer Solutions, and federal government representatives.

"NSA is pleased that the work of its research organization in the area of secure computing is being used as the foundation for secure solutions in the open community," said Richard Mathews, chief of NSA's National Information Assurance Research Laboratory. "We are committed to focusing on new technology research and promoting transfer of those technologies to the private sector to improve assurance of NIAP certified commercial products."

The Common Criteria is an internationally recognized set of standards used by the federal government and other organizations to assess the security and assurance of technology products. Under Common Criteria, products are evaluated against strict standards for various features, such as the development environment, security functionality, the handling of security vulnerabilities, security related documentation and product testing.

Wide Range of Choice for Linux Solutions

IBM and Red Hat have collaborated to ensure certification of RHEL 5 on multiple platforms to maximize choice and value for customers. RHEL 5 is certified on several IBM server brands, including System x, System p, System z, and BladeCenter. IBM's server product line offers customers industry-leading performance together with application flexibility, solution choice, and outstanding scalability, reliability and security.

"Today's announcement marks another significant milestone in the evolution of Linux, which is already established as a true enterprise-class system that routinely handles mission-critical applications," said Dave McQueeney, IBM vice president, U.S. Federal. "In our federal government environment, we have the additional requirement for certifications to confirm the integrity of software for the most sensitive applications. We all recognize that Linux is a rock-solid system, with a vibrant and innovative development community, eclipsing many other offerings in common use across federal. Now, by achieving EAL4+ with multilevel security capability, we have further confirmation of the robustness and trustworthiness of Linux, and we expect its impact across federal to accelerate rapidly."

"Systems security is top of mind for enterprise customers, and especially in the government sector," said Paul Cormier, executive vice president of engineering at Red Hat. "Red Hat, IBM, and TCS have partnered for years to ensure that Red Hat Enterprise Linux is a leading distribution that customers can trust with their most critical and private data." 

About IBM 

For more information on IBM and Linux, please visit www.ibm.com/linux. 

About Red Hat, Inc. 

Red Hat, the world's leading open source solutions provider, is headquartered in Raleigh, NC with over 50 satellite offices spanning the globe. CIOs have ranked Red Hat first for value in Enterprise Software for three consecutive years in the CIO Insight Magazine Vendor Value study. Red Hat provides high-quality, low-cost technology with its operating system platform, Red Hat Enterprise Linux, together with applications, management and Services Oriented Architecture (SOA) solutions, including the JBoss Enterprise Middleware Suite. Red Hat also offers support, training and consulting services to its customers worldwide. Learn more: http://www.redhat.com.