Compliant Product - Red Hat Enterprise Linux 9.0 EUS
Certificate Date: 2024.01.09
CC Certificate
Security Target
Validation Report
Validation Report Number: CCEVS-VR-VID11379-2024
Product Type: Remote Access, Network Encryption, Operating System
Conformance Claim: Protection Profile Compliant
PP Identifier:
- Functional Package for SSH Version 1.0
- Functional Package for TLS Version 1.1
- Protection Profile for General Purpose Operating Systems Version 4.3
CC Testing Lab: Lightship Security USA, Inc.
Assurance Activity
Administrative Guide
Product Description
This Security Target (ST) defines the Red Hat Enterprise Linux 9.0 EUS Target of Evaluation (TOE) for the purposes of Common Criteria (CC) evaluation. Red Hat Enterprise Linux 9.0 EUS is an open-source operating system that supports a general-purpose computing environment for multiple users and applications.
Evaluated Configuration
The TOE was evaluated on the following hardware:
Table 1 - Evaluated Hardware
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Red Hat Enterprise Linux 9.0 EUS was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5. The product, when configured as identified in the Red Hat Enterprise Linux 9.0 EUS Common Criteria Guide, satisfies all of the security functional requirements stated in the Red Hat Enterprise Linux 9.0 EUS Security Target (ST). The project underwent CCEVS Validator review. The evaluation was completed in January 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Environmental Strengths
The TOE is an open-source, general purpose operating system (OS) that supports multiple users, user permissions, access controls, and cryptographic functionality. The expected use cases (as defined by PP_OS_V4.3) for the TOE are:

- Server System. The OS provides a platform for server-side services, either on physical or virtual hardware.
- Cloud System. The OS provides a platform for providing cloud services running on physical or virtual hardware.

Users interact with the TOE locally (console) or remotely (SSH) via a CLI. The TOE provides the following security functions:

- Security Audit. The TOE generates and stores security relevant audit events. These logs are stored locally and are protected by restricting access to system administrators only.
- Cryptographic Support. The TOE implements cryptographic operations in support of its security functions. Relevant CAVP certificates are listed in Table 2.
- User Data Protection. The TOE implements access controls to prevent unauthorized access to files and directories.
- Identification and Authentication. The TOE supports password and public-key authentication. The TOE supports a configurable password and account lockout policy.
- Security Management. The security management facilities provided by the TOE are usable by authorized users and/or authorized administrators to modify the configuration of TSF.
- TOE Access. The TOE displays informative banners before users are allowed to establish a session.
- Protection of the TSF. The TOE implements self-protection mechanisms that protect the security mechanisms of the TOE as well as software executed by the TOE. The following kernel-space isolation and TSF self-protection mechanisms are implemented and enforced (full details are provided in the TOE Summary Specification section of the ST):
  - Address Space Layout Randomization for user space code.
  - Kernel and user-space ring-based separation of processes.
  - Stack buffer overflow protection using stack canaries.
  - Secure Boot ensures that the boot chain up to and including the kernel together with the boot image (initramfs) is not tampered with.
  - Updates to the operating system are only installed after their signatures have been successfully validated.
  - Application Allow-lists restrict execution to known/trusted applications.
- Trusted Path/Channels. The TOE supports TLSv1.2 and SSHv2 to secure remote communications. Both protocols may be used for communications with remote IT entities. Remote administration is only supported using SSHv2.
Vendor Information
Red Hat, Inc.
Jaroslav Reznik
+420 532 294 645
jreznik@redhat.com
http://www.redhat.com