HP and Red Hat have achieved Common Criteria certification at the EAL 4 level with the Labeled Security Protection Profile (LSPP) for HP servers running RHEL5.
RHEL5 has also been certified to run on IBM hardware, obtaining the highest level of security certification achievable by commercial off-the-shelf operating systems.
Source: The Open Road
Why does it matter to me? Because I enjoy Linux every day and have worked with Common Criteria while studying, so I can appreciate the seriousness this brings to Linux.
What is Common Criteria?
Common Criteria is a formal system for evaluating and declaring security conformance of IT products. Typically, a product is evaluated against a known Protection Profile (for example, the LSPP mentioned above). The key point is that Protection Profiles (PPs) can be reused, so when you are choosing among firewalls, you can choose between firewalls that have been evaluated against the same criteria. For producers, it also means profiles may not have to be developed from scratch; they can be reused.
So in a way, Common Criteria is a very controlled way of declaring conformance by means of independent auditors.
Way to go RH