NIAP: Compliant Product
Compliant Product - Red Hat Enterprise Linux 7.6

Certificate Date:  2020.07.17

Validation Report Number:  CCEVS-VR-VID11039-2020

Product Type:    Operating System

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for General Purpose Operating Systems Version 4.2.1
  Extended Package for Secure Shell (SSH) Version 1.0

CC Testing Lab:  Acumen Security




Product Description

Evaluation Configuration

Red Hat® Enterprise Linux® is the world’s leading enterprise Linux platform. It’s an open source operating system (OS) that supports multiple users, user permissions, access controls, and cryptographic functionality. The TOE also supports secure connectivity with several other IT environment devices, as described in Table 1 below:

| Component | Required | Usage/Purpose Description for TOE performance |
|---|---|---|
| TOE HW Platform | Yes | x86_64 platform to run RHEL on. The platform must protect the TOE from hardware vulnerabilities, support UEFI Secure Boot, and provide network connectivity. |
| Workstation with SSH Client | No | This includes any IT Environment Management workstation with an SSH client installed that is used by the TOE users (including administrators) to remotely connect to the TOE through SSH protected channels. Any SSH client that supports SSHv2 may be used. |
| Audit Server | No | The audit server is used for remote storage of audit records that have been generated by and transmitted from the TOE. |
| Update Server | Yes | Provides the ability to check for updates to the TOE as well as providing signed updates. |

Table 1 IT Environment Components

Physical Boundaries

The TOE itself does not have physical boundaries; however, the TOE was evaluated on a Dell Inc. PowerEdge R630 with an Intel(R) Xeon(R) E5-2620v4 processor.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Red Hat Enterprise Linux 7.6 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1. The product, when delivered configured as identified in the RHEL 7.6 Common Criteria Configuration for GPOSPP version 4.2.1, satisfies all of the security functional requirements stated in the Red Hat Enterprise Linux 7.6 Security Target version 1.1. The project underwent CCEVS Validator review. The evaluation was completed in June 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Security Functions provided by the TOE

The TOE provides the security functionality required by [GPOSPP] and [SSHEP].

Security Audit

The TOE generates and stores audit events using the Lightweight Audit Framework (LAF). The LAF is designed to be an audit system making Linux compliant with the requirements from Common Criteria by intercepting all system calls and receiving audit events from privileged user space applications. The framework allows configuring the events to be recorded from the set of all events that are possible to be audited. Each audit record contains the date and time of event, type of event, subject identity, user identity and results (success/fail) of the action if applicable.

Cryptographic Support

The TOE provides a broad range of cryptographic support, providing SSHv2 and TLSv1.2 protocol implementations in addition to individual cryptographic algorithms.

The cryptographic services provided by the TOE are described below.

| Cryptographic Protocol | Use within the TOE |
|---|---|
| SSH Client | The TOE allows administrators and users to connect to remote SSH servers. |
| SSH Server | The TOE allows remote administrators to connect using SSH. |
| TLS Client | The TOE connects to remote trusted IT entities using TLS. |

Table 2 TOE Cryptographic Protocols

The TOE includes two cryptographic libraries/implementations. Each of these cryptographic algorithms has been validated for conformance to the requirements specified in their respective standards, as identified below.

| Library | Algorithm | Related SFRs | TOE Use | CAVP Certificate # |
|---|---|---|---|---|
| OpenSSL Version 7.0 | AES | FCS_COP.1(1), FCS_COP.1(1)/SSH, FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1, FCS_STO_EXT.1 | SSH AES CBC and CTR modes with 128 and 256-bit keys; TLS AES CBC and GCM modes with 128 and 256-bit keys; File Encryption using AES CBC with 128 and 256-bit keys | C1443 |
| OpenSSL Version 7.0 | Diffie-Hellman | FCS_CKM.2, FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1 | SSH Diffie-Hellman Group 14 Key Establishment; TLS Diffie-Hellman Group 14 Key Establishment | N/A |
| OpenSSL Version 7.0 | DRBG | FCS_DRBG_EXT.1 | CTR_DRBG (AES-256) | C1443 |
| OpenSSL Version 7.0 | ECDSA | FCS_CKM.1, FCS_COP.1(3), FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1, FCS_TLSC_EXT.2, FCS_TLSC_EXT.4 | SSH ECDSA P-256 and P-384 Host Key and User Key Generation; SSH EC Diffie-Hellman P-256, P-384, and P-521 Key Generation; SSH ECDSA P-256 and P-384 Host and User Signature Generation and Verification; TLS ECDSA P-256, P-384, and P-521 Client Key Generation; TLS EC Diffie-Hellman P-256, P-384, and P-521 Key Generation; TLS ECDSA P-256, P-384, and P-521 Signature Generation and Verification | C1443 |
| OpenSSL Version 7.0 | HMAC | FCS_COP.1(4), FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1 | SSH HMAC-SHA-256 and HMAC-SHA-512; TLS HMAC-SHA-1, HMAC-SHA-256, and HMAC-SHA-384; TLS HMAC-SHA-256 and HMAC-SHA-384 Key Derivation | C1443 |
| OpenSSL Version 7.0 | KAS | FCS_CKM.2, FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.2 | SSH EC Diffie-Hellman P-256, P-384, and P-521 Key Establishment; TLS EC Diffie-Hellman P-256, P-384, and P-521 Key Establishment | C1443 |
| OpenSSL Version 7.0 | RSA | FCS_CKM.1, FCS_CKM.2, FCS_COP.1(3), FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1, FPT_TST_EXT.1 | SSH RSA 2048-bit and 3072-bit Host Key and User Key Generation; SSH RSA 2048-bit and 3072-bit Host and User Signature Generation and Verification; TLS RSA 2048-bit and 3072-bit Key Establishment; TLS RSA 2048-bit and 3072-bit Signature Verification; Self-Test RSA 2048 Signature Verification | C1443; N/A for Key Establishment uses |
| OpenSSL Version 7.0 | SHS | FCS_COP.1(2), FCS_SSHC_EXT.1, FCS_SSHS_EXT.1 | SSH SHA-1, SHA-256, SHA-384, and SHA-512 Key Derivation; SHA-1, SHA-256, SHA-384, and SHA-512 for Digital Signatures and HMACs | C1443 |
| NSS v6.0 | RSA | FCS_COP.1(3), FPT_TUD_EXT.1, FPT_TUD_EXT.2 | Trusted Update RSA 4096 Signature Verification | C1624 |
| NSS v6.0 | SHS | FCS_COP.1(2) | SHA-256 for Digital Signatures | C1624 |

Table 3 CAVP Algorithm Testing References

The OpenSSL library provides TLS Client functions that may be used by applications. The OpenSSL library also provides the cryptographic algorithms for the SSH Client, SSH Server, and Secure Boot functionality.

The NSS library provides cryptographic algorithms for Trusted Update functionality.

User Data Protection

Discretionary Access Control (DAC) allows the TOE to assign owners to file system objects and Inter-Process Communication (IPC) objects. The owners are allowed to modify Unix-type permission bits for these objects to permit or deny access for other users or groups. The DAC mechanism also ensures that untrusted users cannot tamper with the TOE mechanisms.

The TOE also implements POSIX Access Control Lists (ACLs) that allow the specification of the access to individual file system objects down to the granularity of a single user.

Identification and Authentication

User identification and authentication in the TOE includes all forms of interactive login (e.g. using the SSH protocol or log in at the local console) as well as identity changes through the su or sudo command. These all rely on explicit authentication information provided interactively by a user.

The authentication security function allows password-based authentication. For SSH access, public-key-based authentication is also supported.

The TOE offers password quality enforcement mechanisms, which are enforced at the time the password is changed.

Security Management

The security management facilities provided by the TOE are usable by authorized users and/or authorized administrators to modify the configuration of the TSF.

Protection of the TSF

The TOE implements self-protection mechanisms that protect the security mechanisms of the TOE as well as software executed by the TOE. The following self-protection mechanisms are implemented and enforced:

· Address Space Layout Randomization for user space code.

· Stack buffer overflow protection using stack canaries.

· Secure Boot ensuring that the boot chain up to and including the kernel together with the boot image (initramfs) is not tampered with.

· Updates to the operating system are only installed after their signatures have been successfully validated.

TOE Access

The TOE displays informative banners before users are allowed to establish a session.

Trusted Path/Channels

The TOE supports TLSv1.2 and SSHv2 to secure remote communications.  Both protocols may be used for communications with remote IT entities. Remote administration is only supported using SSHv2.

 


Vendor Information


Red Hat, Inc.
Jaroslav Reznik
+1 919 754 4950
+1 919 800 3804
jreznik@redhat.com

https://www.redhat.com