red hat common criteria certification linux [shutterstock: 1074308081, PopTika]
[shutterstock: 1074308081, PopTika]
Open Source Press Release

Common Criteria Certification For Red Hat Enterprise Linux 8

Red Hat announced that Red Hat Enterprise Linux 8.1 has achieved Common Criteria Certification.

For Common Criteria, Red Hat Enterprise Linux 8.1 was certified by the National Information Assurance Partnership (NIAP), with testing and validation completed by Acumen Security, a U.S. government-accredited laboratory. The platform was tested and validated against the Common Criteria Standard for Information Security Evaluation (ISO/IEC 15408) against version 4.2.1 of the NIAP General Purpose Operating System Protection Profile including Extended Package for Secure Shell (SSH), version 1.0 and is the latest Red Hat Enterprise Linux version to appear on the NIAP Product Compliant List.

Previously, Red Hat Enterprise Linux operating systems were certified at EAL4+. The treaty that enables countries to recognize certifications across borders now includes a new Common Criteria Recognition Arrangement that only recognizes up to EAL2. This treaty also rewrote protection profiles across products to be very specific about individual product requirements, documentation and testing procedures. It is now expected that a solution either meets the protection profile exactly or it does not.

In the previous EAL system, the number (EAL2, EAL4, etc.) distinguished the degree of rigor applied to meeting open-ended requirements. This revised certification is designed to be more predictable and better suited to an operating system with frequent, predictable minor releases like Red Hat Enterprise Linux, with future platform certifications intended to be aligned with this certification method.


Red Hat’s long history of working with government and defense agencies extends beyond Common Criteria validation. Part of this collaboration includes the creation and validation of more secure configurations of the enterprise Linux platform for sensitive computing environments. The Defense Information Systems Agency (DISA) recently published a Secure Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, which offers a configuration roadmap to deploy Red Hat Enterprise Linux 8 with an approved security baseline while still helping to drive innovation across an organization.

About the author

E-3 Magazine

Articles published through E-3 Magazine International. This includes press releases by our partners as well as articles and reports from the E-3 team of journalists.

Add Comment

Click here to post a comment

Social Media

Sign up for e3zine´s biweekly newsbites

Please do not use administrative mail adresses like "noreply@..", "admin@.." or similar as these may get blocked for security reasons.

We use rapidmail for dispatching our newsletter. By signing up, you agree that the data you have entered will be transmitted to rapidmail. Please take note of their terms and conditions and privacy policy. terms and conditions .

Our Authors