Good enough for government work? Red Hat Linux receives top-notch security rating


Author: Shirl Kennedy

IBM anticipates that the enhanced EAL4 security certification earned by Red Hat Enterprise Linux Version 5 earlier this month will further its adoption by businesses and government entities worldwide.

According to IBM, “No mainstream operating system in the world offers a higher level of security certification,” which means that Red Hat Enterprise Linux running on IBM servers “now meets government security standards allowing Linux to be used in homeland security projects, command-and-control operations, and throughout government agencies that previously were limited to a select few other operating systems.” This puts it on equal footing with Sun’s Trusted Solaris operating system.

Though RHEL was already certified at a more basic EAL4 level, this is the first time it has received the Labeled Security Protection Profile certification, which involves access control.

The security evaluations are performed by the National Information Assurance Partnership’s (NIAP) Common Criteria Evaluation and Validation Scheme for IT Security program, a public-private partnership that evaluates the security of commercial technology products.

It is not insignificant that IBM is a player here. As Federal Computer Week noted in March, “Open-source systems may be gaining credibility in government circles because they are increasingly associated with large, well-respected suppliers such as IBM, Novell, Sun Microsystems, and Unisys.”

A report (PDF) last year from the Department of Defense Advanced Systems and Concepts office urged the use of open source software, standards, and development methodologies primarily as a cost-controlling measure. Earlier this month, a memo (PDF) signed by Department of the Navy CIO Robert J. Carey stated that the Navy “treat OSS as COTS when it meets the definition of a commercial item.” As John Weathersby, executive director of the Open Source Software Institute, explained to this means “that open source software must be considered in every software acquisition the Navy makes.”

Shirl Kennedy is the senior editor of theDocuTickerandResourceShelfweblogs as well as the “Internet Waves” columnist forInformation Today. She has been writing about technology since 1992.


  • Government