Red Hat just concluded its Red Hat Government User's Conference, but it also announced an initiative with HP that will persist beyond the one-day conference: Multi-Level Security (MLS) Services for Red Hat Enterprise Linux 5.
At the core of MLS Services is the fact that HP has achieved Common Criteria certification at the EAL 4 level with the Labeled Security Protection Profile (LSPP) -- certifications that mean HP, and now Red Hat, are can meet high-level government security requirements. Common Criteria certifications, for instance, are key government certifications that ensure a degree of security compliance against known criteria.
The expectation is that by raising the level of security in its products, Red Hat can lower barriers to open-source adoption.
While security isn't isolated to Red Hat Enterprise Linux (HP also supports Debian and SUSE), HP says that RHEL offers the highest level of security:
Red Hat isn't the sole Linux distribution that HP sells and supports. Novell's SUSE Linux as well as Debian Linux are both supported by HP. Yet Lillestolen said neither Novell nor Debian has gone through Common Criteria certifications for the same level of security as RHEL 5.
"With this announcement for multi-level security, if you're using Linux, you pretty much have to use RHEL 5," Lillestolen said. "You have two aspects to Common Criteria: You have your assurance level and you have your protection profile. The Novell protection profile doesn't have labeled protection profile, which is what you need for MLS."
I find it interesting that HP would go on the record with that statement, given all the background noise about how HP (and IBM, Dell, etc.) are trying to hedge their bets against Red Hat. This sounds like a pretty resounding vote of confidence in Red Hat by HP.
Regardless, it's good news for US government buyers.