Collaboration with NSA C63 (aka NIAP): where we’ve been… and next stop
Product: Red Hat Enterprise Linux 6 with KVM; IBM z/VM Version 5 Release 3 (for IBM System z Mainframes); Red Hat Enterprise Linux 5.6 with KVM; VMWare vSphere 5.0; VMWare ESXi 4.1; Microsoft Windows Server 2008 Hyper-V Role with HotFix KB950050
Certification Date: 2012-10-08; 2012-04-20; 2008-08-06; 2012-05-18; 2010-12-15; 2009-07-24
EAL Level: EAL4+; EAL4+; EAL4+; EAL4+; EAL4+; EAL4+
CAPP: YES; YES; YES; NO; NO; NO
RBAC: YES; YES; NO; NO; NO; NO
LSPP: YES; YES; YES; NO; NO; NO
CAPP: Users control data access
RBAC: Users classified into roles (“BackupAdm,” “AuditAdm”…)
LSPP: Compartmentalizes users and applications from each other. Enables MLS.
Source: http://www.commoncriteriaportal.org/
Beta Programs + Customer Advisory Panels
FIPS Certs
docs.redhat.com
Value of Red Hat
Atsec
Common Criteria != Compliance Policy
STIG == Compliance Policy
SCAP Security Guide Project (SSG)
SCAP Security Guide
Community In a Nutshell:
… has had 7,149 commits from 104 contributors, representing 1,641,075 lines of source
… has become upstream for all Red Hat DISA FSO (aka, STIG) content, all Red Hat NIST baselines, all Red Hat USGCB content, NSA and CIA RHEL baselines, OpenShift work just beginning
… As of October 2014, ships natively in RHEL 6.6 and 7.1