Red Hat Achieves Six FIPS 140-2 Security Certifications on HP Systems
2011-04-27via BusinessWire
Austin, TX - Red Hat Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced the completion of six Federal Information Processing Standard (FIPS) 140-2 certifications from the U.S. government's National Institute of Standards and Technology (NIST). This marks the culmination of one of the largest certification efforts that Red Hat has completed with the U.S. Government.
Information security officials have a mandate to maintain greater control over data and information systems. U.S. Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems) IT-related products must use FIPS-140 certified systems. FIPS 140-2 validation is required by national agencies in Canada and is recognized in Europe and Australia.
"Military and civilian government agencies alike require the highest possible protection for their highly sensitive and valuable data," said Jim Totton, vice president, Platform Business Unit at Red Hat. "Undertaking and achieving this significant certification effort illustrates our dedication to building an operating system that is designed to meet the most rigorous security standards in the world. Our work with HP to achieve these certifications represents significant value for government customers, who no longer are required to invest in a separate utility to get FIPS-certified encryption capabilities."
Red Hat Enterprise Linux 5 on HP ProLiant Servers has achieved the following FIPS 140-2 certifications:
- Kernel Crypto API Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1387
- OpenSwan Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1386
- OpenSSH-Client Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1385
- OpenSSH-Server Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1384
- OpenSSL Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1320
- Libgcrypt Cryptographic Module http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm#1305
"Securing data in transit is a critical concern for any agency that provides vital information services over a network," said Tom Hempfield, vice president, Federal Business Organization at HP. "This certification demonstrates HP's long-standing investment in enhancing Red Hat Enterprise Linux security to provide our agency customers with the security they need to manage risk appropriately."
The Secretary of Commerce approves standards and guidelines that are developed by the National Institute of Standards and Technology (NIST) for U.S. Federal computer systems. These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use by the U.S. Government and government contractors. NIST develops FIPS when there are compelling U.S. Government requirements, such as for security and interoperability, and there are no acceptable industry standards or solutions. The FIPS 140 Publication Series coordinates the requirements and standards from cryptography modules for hardware and software, and to achieve FIPS 140-2 validation, cryptographic modules are subjected to rigorous testing by independent, accredited test facilities.
The validation testing was performed by the atsec information security corporation Cryptographic and Security Testing (CST) Laboratory in Austin. atsec is an independent company with longstanding experience in international IT security standards.
Apostol Vassilev, atsec's CST Lab Manager, stated, "This validation marks an important milestone in that users of Red Hat Enterprise Linux can have confidence that the operating system and the critical services and applications that run on it comply with the full scope of security assurances provided by the FIPS 140-2 standard. We applaud Red Hat and HP for setting a high industry standard for security capabilities and their commitment to these important certifications."
In addition to the completed FIPS 140-2 certifications for Red Hat Enterprise Linux 5, Red Hat is also officially "In Evaluation" for FIPS 140-2 certification of Red Hat Enterprise Linux 6.
For a full list of Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules from NIST, visit http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm.
To learn more about Red Hat's certifications and accreditations, visit http://www.redhat.com/solutions/government/certifications/.
Additional information about HP's open source and Linux solutions is available at http://www.hp.com/go/linux.
For more information about Red Hat, visit www.redhat.com. For more Red Hat news, more often, visit www.press.redhat.com.
About Red Hat, Inc.
Red Hat, the world's leading provider of open source solutions and an S&P 500 company, is headquartered in Raleigh, NC with over 65 offices spanning the globe. CIOs ranked Red Hat as one of the top vendors delivering value in Enterprise Software for seven consecutive years in the CIO Insight Magazine Vendor Value survey. Red Hat provides high-quality, affordable technology with its operating system platform, Red Hat Enterprise Linux, together with virtualization, applications, management and Services Oriented Architecture (SOA) solutions, including Red Hat Enterprise Virtualization and JBoss Enterprise Middleware. Red Hat also offers support, training and consulting services to its customers worldwide. Learn more: http://www.redhat.com.
About atsec information security
atsec information security corporation is a U.S. Government accredited laboratory, based in Texas, which tests information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology.
Combining all of our technology security experience and expertise, atsec information security corporation additionally provides strong consulting skills for: network penetration testing; embedded systems and hardware security testing and analysis; the Federal Information Security Management Act (FISMA); Information Systems Security Management Systems (ISMS); and independent security assessments based on your individual needs.
atsec also operates Government accredited laboratories in Germany and Sweden.
