When it comes to big enterprise IT deployments in the U.S., there is no enterprise bigger than the federal government itself. Linux vendor Red Hat is hoping for a larger portion of the government's multi-billion dollar IT spending with its widest-ever array of security certifications, thanks to assistance from HP.
HP Thursday released new Multi-Level Security (MLS) Services for Red Hat Enterprise Linux 5 in support of the open source OS vendor's government push.
At the core of MLS Services is the fact that HP has achieved Common Criteria certification at the EAL 4 level with the Labeled Security Protection Profile (LSPP) -- certifications that mean HP, and now Red Hat, are can meet high-level government security requirements. Common Criteria certifications, for instance, are key government certifications that ensure a degree of security compliance against known criteria.
The HP effort "helps validate not only MLS requirements in government but also the fact that government customers want choice," Paul Smith, Red Hat's vice president of government sales operations told InternetNews.com. "HP's announcement sends the resounding messaging that government customers want collaboration and flexibility in their solutions, a move away from the proprietary vendor lock-in that once dominated."
Erik Lillestolen, HP's government program manager for open source and Linux organization, said the effort will help curb concerns about implementing new technologies. (Red Hat Enterprise Linux 5 debuted in March.)
"We're putting together a service that we're offering to the federal government to help them implement MLS environment in their own infrastructure," Lillestolen told InternetNews.com. "We're looking at things like infrastructure reviews, design, implementation services, support services and an on-site knowledge transfer to bring them up to speed."
To receive LSPP certification, Lillestolen said a vendor must demonstrate data labeling as well as strong audit capabilities. RHEL 5 achieves LSPP in part by way of a SELinux policy mechanism that enables users to label processes or objects with "secret" or "top secret" labels. SELinux provides access controls for the Linux kernel itself, and was developed in cooperation with the National Security Agency.
The EAL 4 LSPP certification is also tied directly to the hardware on which the operating system will run, which is why the participation of hardware vendors in certification is critical.