The certification provides government agencies, financial institutions, and customers in other security-sensitive and regulated environments the assurance and confidence that Red Hat JBoss EAP 7.2 meets government security standards.
This achievement demonstrates Red Hat’s industry leadership in technology and security. This is the third time JBoss EAP has achieved Common Criteria certification. In 2015, JBoss EAP 6.2 also achieved recognition at the EAL4+ assurance level. Red Hat’s latest certification will be recognized by all countries under the Common Criteria Recognition Arrangement (CCRA) at Evaluation Assurance Level 2 since there are no generally agreed criteria for higher assurance levels.
The Common Criteria is an internationally recognized set of standards used by the federal government and organizations to assess the security and assurance of technology offerings. EAL categorizes the depth and rigor of the evaluation, and EAL4+ assures consumers that the software has been methodically designed, tested, and reviewed to meet the evaluation criteria.
Red Hat partnering with Atsec
Red Hat worked with Atsec information security, a government-accredited laboratory in the United States, Germany, Sweden, Singapore and Italy, to complete the certification. Atsec tested and validated the security, performance and reliability of the solution against the Common Criteria Standard for Information Security Evaluation (ISO/IEC 15408) at EAL4+.
Paul Smith, senior vice president and general manager, Public Sector, Red Hat, said, “We’re exceptionally proud that Red Hat JBoss Enterprise Application Platform again has achieved the Common Criteria Certification. It is important that our customers know they are getting the highest standard of security when they use JBoss EAP, especially those in highly regulated industries. Common Criteria accreditation is a rigorous security standard and means customers can confidently trust Red Hat with sensitive applications, services and data. Repeatedly achieving this accreditation is a key value of the Red Hat subscription, and one that differentiates enterprise-class open source, and proves our on-going dedication to providing top solutions to security-conscious customers.”
Kenneth Hake, Common Criteria laboratory manager, Atsec U.S., added, “We are proud to continue to be Red Hat’s laboratory of choice for evaluating its products for Common Criteria Certification. The completion of this certification for JBoss Enterprise Application Platform 7.2 means that the product meets rigorous security standards at the EAL 4+. The evaluation included the security functionality of Access Control, Role-based Access Control, Audit, Clustering, Identification and Authentication, and Transaction Rollback within the scope.”