HPBacksRedHatinGovernmentBizBid

WhenitcomestobigenterpriseITdeploymentsintheU.S.,thereisnoenterprisebiggerthanthefederalgovernmentitself.LinuxvendorRedHatishopingforalargerportionofthegovernment'smulti-billiondollarITspendingwithitswidest-everarrayofsecuritycertifications,thankstoassistancefromHP.HPtodayreleasednewMulti-LevelSecurity(MLS)ServicesforRedHatEnterpriseLinux5insupportoftheopensourceOSvendor'sgovernmentpush.AtthecoreofMLSServicesisthefactthatHPhasachievedCommonCriteriacertificationattheEAL4levelwiththeLabeledSecurityProtectionProfile(LSPP)--certificationsthatmeanHP,andnowRedHat,arecanmeethigh-levelgovernmentsecurityrequirements.CommonCriteriacertifications,forinstance,arekeygovernmentcertificationsthatensureadegreeofsecuritycomplianceagainstknowncriteria.TheannouncementcomesasRedHatkicksoffitsthirdannualGovernmentUsersandDevelopersConferenceinWashington,D.C.TheHPeffort"helpsvalidatenotonlyMLSrequirementsingovernmentbutalsothefactthatgovernmentcustomerswantchoice,"PaulSmith,RedHat'svicepresidentofgovernmentsalesoperationstoldInternetNews.com."HP'sannouncementsendstheresoundingmessagingthatgovernmentcustomerswantcollaborationandflexibilityintheirsolutions,amoveawayfromtheproprietaryvendorlock-inthatoncedominated."ErikLillestolen,HP'sgovernmentprogrammanagerforopensourceandLinuxorganization,saidtheeffortwillhelpcurbconcernsaboutimplementingnewtechnologies.(RedHatEnterpriseLinux5debutedinMarch.)"We'reputtingtogetheraservicethatwe'reofferingtothefederalgovernmenttohelpthemimplementMLSenvironmentintheirowninfrastructure,"LillestolentoldInternetNews.com."We'relookingatthingslikeinfrastructurereviews,design,implementationservices,supportservicesandanon-siteknowledgetransfertobringthemuptospeed."ToreceiveLSPPcertification,Lillestolensaidavendormustdemonstratedatalabelingaswellasstrongauditcapabilities.RHEL5achievesLSPPinpartbywayofaSELinuxpolicymechanismthatenablesuserstolabelprocessesorobjectswith"secret"or"topsecret"labels.SELinuxprovidesaccesscontrolsfortheLinuxkernelitself,andwasdevelopedincooperationwiththeNationalSecurityAgency.TheEAL4LSPPcertificationisalsotieddirectlytothehardwareonwhichtheoperatingsystemwillrun,whichiswhytheparticipationofhardwarevendorsincertificationiscritical.RedHatisn'tthesoleLinuxdistributionthatHPsellsandsupports.Novell'sSUSELinuxaswellasDebianLinuxarebothsupportedbyHP.YetLillestolensaidneitherNovellnorDebianhasgonethroughCommonCriteriacertificationsforthesamelevelofsecurityasRHEL5."Withthisannouncementformulti-levelsecurity,ifyou'reusingLinux,youprettymuchhavetouseRHEL5,"Lillestolensaid."YouhavetwoaspectstoCommonCriteria:Youhaveyourassurancelevelandyouhaveyourprotectionprofile.TheNovellprotectionprofiledoesn'thavelabeledprotectionprofile,whichiswhatyouneedforMLS."ComparedtoRHEL5'sapproach,Novell'sSUSELinuxalsousesaframeworkcalledAppArmor,whichprovidesthesametypeofaccesscontrolintheLinuxkernel.InadditiontoHP,HPalsohascertifiedRHEL5toEAL4withLSPP.Lillestolensaid,however,thatHPhasgonefurtherthanBigBluebycertifyingawiderrangeofhardware."Wewentallthewayfromourtopendintegrityservertonotebooks,"hesaid."Itletscustomerschoosetheareaswheretheyneedtobewhichisthebroadestplatformsetintheindustry.WearenotawareofaspecificservicebyIBMthatiscomparablefortheMLScustomer."IBMwasnotimmediatelyavailableforcomment.