Red Hat Enterprise Linux 5 obtains EAL4+ certification
Following on from Red Hat Enterprise Linux 4 (RHEL4), which received the internationally recognised EAL4+ security certification in early 2006, RHEL5, released in March, has now also fulfilled the EAL4+ criteria and the Labelled Security Protection Profile (LSPP) criteria in accordance with the Common Criteria Standard. This includes role-based access control (RBAC), which restricts the access rights of the root super-user. The certification applies to use of RHEL5 on server systems from IBM (System x, System p5, System z and eServer). It is also extended to include ALC_FLR.3 (flaw remediation).
The Common Criteria form the basis of the IT security specifications under ISO/IEC 15408. Certification is intended to ensure that products meet specific security requirements. For manufacturers, requirements relating to support, documentation of security features and dealing with security-related incidents additionally apply. Compliance with the criteria, particularly at one of the higher levels such as EAL4+, is a major achievement, but it must be borne in mind that elements of the certification apply to a specific configuration under controlled test conditions. It therefore represents an attainable security standard, but not an automatic one in the field.