Today HP execs wrote to tell us that their company has been awarded a top international Linux security certification. The certification, called the Evaluation Assurance Level 4 (EAL4+) Common Criteria security certification for Red Hat Enterprise Linux 5, applies to HP servers, workstations and notebooks.
In June, if you’ll remember, IBM was awarded the same EAL4+ certification for RHEL5 running on IBM System x, System p, System z, and BladeCenter servers.
This cert is part of the Common Criteria Evaluation and Validation Scheme (CCEVS), an internationally recognized standard used by governments and businesses worldwide to determine the level of security and assurance of IT products. CCEVS, undertaken by the National Information Assurance Partnership (NIAP), is part of a collaboration between the National Institute of Standards and Technology and the National Security Agency.
HP has been awarded EAL4+, the highest level of assurance for an unmodified, commercial operating system, for Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile, and Role-Based Access Control Protection Profile for Red Hat Enterprise Linux 5 on HP Integrity, ProLiant and BladeSystem platforms as well as select workstations and desktops.
According to HP, the company worked with Red Hat and the Linux community to develop the features required for the EAL4+ certification. This included contributions to help customers integrate a Linux system into a mixed network with other trusted operating systems. As part of HP’s Secure Advantage product portfolio, this certified product offering helps companies protect data and resources across their entire IT infrastructure to achieve better business outcomes.
The LSPP profile enables HP and its partners to build applications with multiple levels of security. This capability allows government agencies and commercial businesses to collaborate securely by sharing applications with different security clearances on a single system and still have assurance that the system will enable only authorized access at the appropriate level.