NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Red Hat Enterprise Linux 9.0 EUS

Certificate Date:  2024.01.09

Validation Report Number:  CCEVS-VR-VID11379-2024

Product Type:    Remote Access
   Network Encryption
   Operating System

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Functional Package for SSH Version 1.0
  Functional Package for TLS Version 1.1
  Protection Profile for General Purpose Operating Systems Version 4.3

CC Testing Lab:  Lightship Security USA, Inc.

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Administrative Guide [PDF]

Product Description

This Security Target (ST) defines the Red Hat Enterprise Linux 9.0 EUS Target of Evaluation (TOE) for the purposes of Common Criteria (CC) evaluation. Red Hat Enterprise Linux 9.0 EUS is an open-source operating system that supports a general-purpose computing environment for multiple users and applications.

Evaluated Configuration

The TOE was evaluated on the following hardware:


      Table 1 - Evaluated Hardware





PowerEdge R440

Xeon Silver 4216 (Cascade Lake)


z16 3931-A01

IBM z16


POWER10 9080-HEX


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Red Hat Enterprise Linux 9.0 EUS was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5. The product, when configured as identified in the Red Hat Enterprise Linux 9.0 EUS Common Criteria Guide, satisfies all of the security functional requirements stated in the Red Hat Enterprise Linux 9.0 EUS Security Target (ST). The project underwent CCEVS Validator review. The evaluation was completed in January 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

The TOE is an open-source, general purpose operating system (OS) that supports multiple users, user permissions, access controls, and cryptographic functionality.

The expected use cases (as defined by PP_OS_V4.3) for the TOE are:

o      Server System. The OS provides a platform for server-side services, either on physical or virtual hardware.

o      Cloud System. The OS provides a platform for providing cloud services running on physical or virtual hardware.

Users interact with the TOE locally (console) or remotely (SSH) via a CLI.

The TOE provides the following security functions:

o      Security Audit. The TOE generates and stores security relevant audit events. These logs are stored locally and are protected by restricting access to system administrators only.

o      Cryptographic Support. The TOE implements cryptographic operations in support of its security functions. Relevant CAVP certificates are listed in Table 2.

o      User Data Protection. The TOE implements access controls to prevent unauthorized access to files and directories.

o      Identification and Authentication. The TOE supports password and public-key authentication. The TOE supports a configurable password and account lockout policy.

o      Security Management. The security management facilities provided by the TOE are usable by authorized users and/or authorized administrators to modify the configuration of TSF.

o      TOE Access. The TOE displays informative banners before users are allowed to establish a session.

o      Protection of the TSF. The TOE implements self-protection mechanisms that protect the security mechanisms of the TOE as well as software executed by the TOE. The following kernel-space isolation and TSF self-protection mechanisms are implemented and enforced (full details are provided in the TOE Summary Specification section of the ST):

§    Address Space Layout Randomization for user space code.

§    Kernel and user-space ring-based separation of processes

§    Stack buffer overflow protection using stack canaries.

§    Secure Boot ensures that the boot chain up to and including the kernel together with the boot image (initramfs) is not tampered with.

§    Updates to the operating system are only installed after their signatures have been successfully validated.

§    Application Allow-lists restrict execution to known/trusted applications.

o      Trusted Path/Channels. The TOE supports TLSv1.2 and SSHv2 to secure remote communications.  Both protocols may be used for communications with remote IT entities. Remote administration is only supported using SSHv2.

Table 2: CAVP Certificates



Operational Environment


Linux Kernel Crypto API

Provides DRBG for OS applications and for seeding OpenSSL

Intel Xeon Silver 4216
(Cascade Lake)





All other TOE cryptographic operations

Intel Xeon Silver 4216
(Cascade Lake)





Vendor Information

Red Hat, Inc.
Jaroslav Reznik
+420 532 294 645
Site Map              Contact Us              Home