Home » News » Linux » HP Earns Top International Linux Security Certification
HP has been awarded a top international Linux security certification that will help government agencies and enterprise customers reduce costs while implementing secure solutions on the company's industry-standard hardware.
The certification, called the Evaluation Assurance Level 4 (EAL4+) Common Criteria security certification for Red Hat Enterprise Linux 5, applies to HP servers, workstations and notebooks.
It is part of the Common Criteria Evaluation and Validation Scheme (CCEVS), an internationally recognized standard used by governments and businesses worldwide to determine the level of security and assurance of IT products. CCEVS, undertaken by the National Information Assurance Partnership (NIAP), is part of a collaboration between the National Institute of Standards and Technology and the National Security Agency.
HP has been awarded EAL4+, the highest level of assurance for an unmodified, commercial operating system, for Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile, and Role-Based Access Control Protection Profile for Red Hat Enterprise Linux 5 on HP Integrity, ProLiant and BladeSystem platforms as well as select workstations and desktops.
"HP has invested in the NIAP process and achieved leading Common Criteria security certifications since the early days of the program," said Tom Hempfield, vice president, Federal Business Organization, HP. "Our priority is to ensure that customers can turn to HP for the necessary tools and expertise to deploy commercial and open source solutions at maximum security levels."
HP worked with Red Hat and the Linux community to develop the features required for the EAL4+ certification. This included contributions to help customers integrate a Linux system into a mixed network with other trusted operating systems. As part of HP's Secure Advantage product portfolio, this certified product offering helps companies protect data and resources across their entire IT infrastructure to achieve better business outcomes.
"Red Hat has consistently worked with HP to complete Red Hat Enterprise Linux certifications on HP solutions," said Paul Cormier, executive vice president of engineering, Red Hat. "With this latest Common Criteria security certification, the robustness and reliability of Linux is expanded further. Systems security is top of mind for enterprise customers, and especially in the government sector, and we continue to ensure that Red Hat Enterprise Linux is a leading distribution that customers can trust with their most critical and private data."
The LSPP profile is of particular significance as it enables HP and its partners to build solutions with multiple levels of security. This capability allows government agencies and commercial businesses to collaborate securely by sharing applications with different security clearances on a single system and still have assurance that the system will enable only authorized access at the appropriate level.
eXMeritus Software is an HP partner that provides an off-the-shelf solution for transferring data between networks operating at different levels of classification. It recently worked with HP to port its application from Sun Microsystems' Solaris operating system to Linux.
"The combination of HP hardware and Red Hat Enterprise Linux provides us the performance, reliability and security we require to implement cross-domain solutions for the defense and intelligence communities," said Thomas Rooney, president and founder, eXMeritus Software. "The recent certifications allow us to implement our highest-security systems on a much broader range of hardware, increasing performance at an overall reduced total cost of ownership."