Red Hat Is the First to Receive the LSPP Certification

IBM has achieved the EAL4 Augmented with ALC FLR3 certification for Red Hat Enterprise Linux for their mainframe, System x, System p5 and eServer systems, according to their officials. The new level of security received by Red Hat plays an important role especially when it comes to governmental agencies, such as the U.S. Department of Defense or the U.S. National Security Agency, which needed a more exigent and reliable certification. And it is also well known the fact that US Government policies mandate that government acquisitions consider OSS approaches.

"This is the highest level of security function that anybody has," Dan Frye, vice president of open systems with IBM said. We have delivered LSPP functionality in Red Hat Enterprise Linux 5 and we have certified that at the EAL4 level of assurance ... You now have a level of fine-grained control for everybody. You can set security based on groups or based on individuals ...If anyone had any doubts that you could do this with an open-source operating system, we've proved them wrong."

The Labeled Security Protection Profile (LSPP) certification is awarded by the government-funded National Information Assurance Partnership's (NIAP) Common Criteria Evaluation and Validation Scheme for IT Security program, which evaluates the security of commercial technology products. Red Hat Linux has also been certified with Role Based Access Control Protection (RBAC), and that too is noteworthy, said Red Hat Inc.

"Historically, OS vendors have required you buy a separate branched OS to get something that is LSPP and RBAC certified. This is something completely unique for commercial operating systems because the support for multilevel security is native to the OS" , Red Hat commented.

Linux itself had already been certified at the EAL4 level, but Red Hat became the first system receiving the LSPP certification, based on its access-control features.