{"product_id":11379,"v_id":11379,"product_name":"Red Hat Enterprise Linux 9.0 EUS","certification_status":"Certified","certification_date":"2024-01-09T00:00:00Z","tech_type":"Network Encryption, Operating System, Remote Access","vendor_id":{"name":"Red Hat, Inc.","website":"http://www.redhat.com"},"vendor_poc":"Chris Zinda","vendor_phone":"+1-717-360-1923","vendor_email":"czinda@redhat.com","assigned_lab":{"cctl_name":"Lightship Security USA, Inc."},"product_description":"<p class=\"MsoNormal\" style=\"text-align: justify;\"><span style=\"mso-bidi-font-weight: bold;\">This Security Target (ST) defines the Red Hat Enterprise Linux 9.0 EUS Target of Evaluation (TOE) for the purposes of Common Criteria (CC) evaluation. Red Hat Enterprise Linux 9.0 EUS is an open-source operating system that supports a general-purpose computing environment for multiple users and applications.</span></p>","evaluation_configuration":"<p class=\"MsoNormal\" style=\"text-align: justify;\"><span style=\"mso-bidi-font-weight: bold;\">The TOE was evaluated on the following hardware:</span></p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify;\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify;\"><strong style=\"text-align: center;\"><span lang=\"EN-AU\">&nbsp; &nbsp; &nbsp; Table </span><span lang=\"EN-AU\">1</span></strong><span lang=\"EN-AU\" style=\"text-align: center;\"><strong> - Evaluated Hardware</strong></span></p>\r\n<table class=\"MsoNormalTable\" style=\"margin-left: 5.0pt; border-collapse: collapse; mso-table-layout-alt: fixed; mso-padding-alt: 0in 0in 0in 0in;\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\r\n<tbody>\r\n<tr style=\"mso-yfti-irow: 0; mso-yfti-firstrow: yes; height: 24.15pt;\">\r\n<td style=\"width: 67.35pt; border: solid black 1.0pt; mso-border-alt: solid black .5pt; background: #3770C7; padding: 0in 0in 0in 0in; height: 24.15pt;\" valign=\"top\" width=\"90\">\r\n<p class=\"MsoNormal\" style=\"text-align: center; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 6.1pt 0in .0001pt .3pt;\" align=\"center\"><a name=\"_bookmark0\"></a><strong><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; color: white; letter-spacing: -.1pt;\">Vendor</span></strong></p>\r\n</td>\r\n<td style=\"width: 207.1pt; border: solid black 1.0pt; border-left: none; mso-border-left-alt: solid black .5pt; mso-border-alt: solid black .5pt; background: #3770C7; padding: 0in 0in 0in 0in; height: 24.15pt;\" valign=\"top\" width=\"276\">\r\n<p class=\"MsoNormal\" style=\"margin: 6.1pt 0in 0.0001pt 0.3pt; text-align: center;\" align=\"center\"><strong><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; color: white; letter-spacing: -.1pt;\">Model</span></strong></p>\r\n</td>\r\n<td style=\"width: 137.05pt; border: solid black 1.0pt; border-left: none; mso-border-left-alt: solid black .5pt; mso-border-alt: solid black .5pt; background: #3770C7; padding: 0in 0in 0in 0in; height: 24.15pt;\" valign=\"top\" width=\"183\">\r\n<p class=\"MsoNormal\" style=\"text-align: center; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 6.1pt .05pt .0001pt .25pt;\" align=\"center\"><strong><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; color: white; letter-spacing: -.2pt;\">CPU</span></strong></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 1; height: 38.45pt;\">\r\n<td style=\"width: 67.35pt; border: solid black 1.0pt; border-top: none; mso-border-top-alt: solid black .5pt; mso-border-alt: solid black .5pt; padding: 0in 0in 0in 0in; height: 38.45pt;\" valign=\"top\" width=\"90\">\r\n<p class=\"MsoNormal\" style=\"text-align: center; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 6.1pt .05pt .0001pt .3pt;\" align=\"center\"><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; letter-spacing: -.2pt;\">Dell</span></p>\r\n</td>\r\n<td style=\"width: 207.1pt; border-top: none; border-left: none; border-bottom: solid black 1.0pt; border-right: solid black 1.0pt; mso-border-top-alt: solid black .5pt; mso-border-left-alt: solid black .5pt; mso-border-alt: solid black .5pt; padding: 0in 0in 0in 0in; height: 38.45pt;\" valign=\"top\" width=\"276\">\r\n<p class=\"MsoNormal\" style=\"text-align: center; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 6.1pt .05pt .0001pt .3pt;\" align=\"center\"><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">PowerEdge R440</span></p>\r\n</td>\r\n<td style=\"width: 137.05pt; border-top: none; border-left: none; border-bottom: solid black 1.0pt; border-right: solid black 1.0pt; mso-border-top-alt: solid black .5pt; mso-border-left-alt: solid black .5pt; mso-border-alt: solid black .5pt; padding: 0in 0in 0in 0in; height: 38.45pt;\" valign=\"top\" width=\"183\">\r\n<p class=\"MsoNormal\" style=\"text-indent: -2.8pt; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 5.95pt 0in .0001pt 36.5pt;\"><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Xeon Silver 4216 (Cascade Lake)</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 2; height: 24.15pt;\">\r\n<td style=\"width: 67.35pt; border: solid black 1.0pt; border-top: none; mso-border-top-alt: solid black .5pt; mso-border-alt: solid black .5pt; padding: 0in 0in 0in 0in; height: 24.15pt;\" valign=\"top\" width=\"90\">\r\n<p class=\"MsoNormal\" style=\"text-align: center; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 5.95pt .1pt .0001pt .3pt;\" align=\"center\"><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; letter-spacing: -.2pt;\">IBM</span></p>\r\n</td>\r\n<td style=\"width: 207.1pt; border-top: none; border-left: none; border-bottom: solid black 1.0pt; border-right: solid black 1.0pt; mso-border-top-alt: solid black .5pt; mso-border-left-alt: solid black .5pt; mso-border-alt: solid black .5pt; padding: 0in 0in 0in 0in; height: 24.15pt;\" valign=\"top\" width=\"276\">\r\n<p class=\"MsoNormal\" style=\"text-align: center; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 5.95pt 0in .0001pt .3pt;\" align=\"center\"><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">z16 3931-A01</span></p>\r\n</td>\r\n<td style=\"width: 137.05pt; border-top: none; border-left: none; border-bottom: solid black 1.0pt; border-right: solid black 1.0pt; mso-border-top-alt: solid black .5pt; mso-border-left-alt: solid black .5pt; mso-border-alt: solid black .5pt; padding: 0in 0in 0in 0in; height: 24.15pt;\" valign=\"top\" width=\"183\">\r\n<p class=\"MsoNormal\" style=\"text-align: center; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 5.95pt 0in .0001pt .25pt;\" align=\"center\"><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">IBM z16</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 3; mso-yfti-lastrow: yes; height: 24.15pt;\">\r\n<td style=\"width: 67.35pt; border: solid black 1.0pt; border-top: none; mso-border-top-alt: solid black .5pt; mso-border-alt: solid black .5pt; padding: 0in 0in 0in 0in; height: 24.15pt;\" valign=\"top\" width=\"90\">\r\n<p class=\"MsoNormal\" style=\"text-align: center; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 5.95pt .1pt .0001pt .3pt;\" align=\"center\"><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; letter-spacing: -.2pt;\">IBM</span></p>\r\n</td>\r\n<td style=\"width: 207.1pt; border-top: none; border-left: none; border-bottom: solid black 1.0pt; border-right: solid black 1.0pt; mso-border-top-alt: solid black .5pt; mso-border-left-alt: solid black .5pt; mso-border-alt: solid black .5pt; padding: 0in 0in 0in 0in; height: 24.15pt;\" valign=\"top\" width=\"276\">\r\n<p class=\"MsoNormal\" style=\"text-align: center; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 5.95pt 0in .0001pt .3pt;\" align=\"center\"><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">POWER10 9080-HEX</span></p>\r\n</td>\r\n<td style=\"width: 137.05pt; border-top: none; border-left: none; border-bottom: solid black 1.0pt; border-right: solid black 1.0pt; mso-border-top-alt: solid black .5pt; mso-border-left-alt: solid black .5pt; mso-border-alt: solid black .5pt; padding: 0in 0in 0in 0in; height: 24.15pt;\" valign=\"top\" width=\"183\">\r\n<p class=\"MsoNormal\" style=\"text-align: center; mso-layout-grid-align: none; punctuation-wrap: simple; text-autospace: none; mso-line-break-override: restrictions; margin: 5.95pt .15pt .0001pt .25pt;\" align=\"center\"><span style=\"mso-bidi-font-size: 10.0pt; font-family: 'Arial',sans-serif; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; letter-spacing: -.1pt;\">Power10</span></p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>","security_evaluation_summary":"<p class=\"MsoNormal\" style=\"text-align: justify;\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Red Hat Enterprise Linux 9.0 EUS was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5. The product, when configured as identified in the Red Hat Enterprise Linux 9.0 EUS Common Criteria Guide, satisfies all of the security functional requirements stated in the Red Hat Enterprise Linux 9.0 EUS Security Target (ST). The project underwent CCEVS Validator review. The evaluation was completed in January 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.</p>","environmental_strengths":"<p class=\"MsoNormal\" style=\"text-align: justify;\">The TOE is an open-source, general purpose operating system (OS) that supports multiple users, user permissions, access controls, and cryptographic functionality.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify;\">The expected use cases (as defined by PP_OS_V4.3) for the TOE are:</p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level2 lfo1; tab-stops: list 85.05pt; margin: 6.0pt 0in 6.0pt 85.05pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong>Server System.</strong> The OS provides a platform for server-side services, either on physical or virtual hardware.</p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level2 lfo1; tab-stops: list 85.05pt; margin: 6.0pt 0in 6.0pt 85.05pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong>Cloud System.</strong> The OS provides a platform for providing cloud services running on physical or virtual hardware.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify;\">Users interact with the TOE locally (console) or remotely (SSH) via a CLI.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify;\"><a name=\"_Toc127973729\"></a><a name=\"_Toc128383328\"></a><a name=\"_Toc127973730\"></a><a name=\"_Toc128383329\"></a><a name=\"_Toc127973731\"></a><a name=\"_Toc128383330\"></a><a name=\"_Toc127973732\"></a><a name=\"_Toc128383331\"></a><a name=\"_Toc127973733\"></a><a name=\"_Toc128383332\"></a><a name=\"_Toc127973734\"></a><a name=\"_Toc128383333\"></a><a name=\"_Toc127973735\"></a><a name=\"_Toc128383334\"></a><a name=\"_Toc497989787\"></a><a name=\"_Toc497991414\"></a>The TOE provides the following security functions:</p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level2 lfo1; tab-stops: list 85.05pt; margin: 6.0pt 0in 6.0pt 85.05pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong style=\"mso-bidi-font-weight: normal;\">Security Audit. </strong>The TOE generates and stores security relevant audit events. These logs are stored locally and are protected by restricting access to system administrators only.</p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level2 lfo1; tab-stops: list 85.05pt; margin: 6.0pt 0in 6.0pt 85.05pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong style=\"mso-bidi-font-weight: normal;\">Cryptographic Support. </strong><span style=\"mso-bidi-font-weight: bold;\">The TOE implements cryptographic operations in support of its security functions. </span>Relevant CAVP certificates are listed in <!-- [if supportFields]><span style='mso-element:field-begin'></span><span\r\nstyle='mso-spacerun:yes'> </span>REF _Ref490040301 \\h <span style='mso-element:\r\nfield-separator'></span><![endif]-->Table <span style=\"mso-no-proof: yes;\">2</span><!-- [if gte mso 9]><xml>\r\n <w:data>08D0C9EA79F9BACE118C8200AA004BA90B02000000080000000E0000005F005200650066003400390030003000340030003300300031000000</w:data>\r\n</xml><![endif]--><!-- [if supportFields]><span style='mso-element:field-end'></span><![endif]-->.</p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level2 lfo1; tab-stops: list 85.05pt; margin: 6.0pt 0in 6.0pt 85.05pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New'; mso-bidi-font-weight: bold;\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong style=\"mso-bidi-font-weight: normal;\">User Data Protection. </strong><span style=\"mso-bidi-font-weight: bold;\">The TOE implements access controls to prevent unauthorized access to files and directories. </span></p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level2 lfo1; tab-stops: list 85.05pt; margin: 6.0pt 0in 6.0pt 85.05pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong style=\"mso-bidi-font-weight: normal;\">Identification and Authentication. </strong>The TOE supports password and public-key authentication. The TOE supports a configurable password and account lockout policy.</p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level2 lfo1; tab-stops: list 85.05pt; margin: 6.0pt 0in 6.0pt 85.05pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong style=\"mso-bidi-font-weight: normal;\">Security Management. </strong><span style=\"mso-bidi-font-weight: bold;\">The security management facilities provided by the TOE are usable by authorized users and/or authorized administrators to modify the configuration of TSF.</span></p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level2 lfo1; tab-stops: list 85.05pt; margin: 6.0pt 0in 6.0pt 85.05pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong style=\"mso-bidi-font-weight: normal;\">TOE Access. </strong>The TOE displays informative banners before users are allowed to establish a session.</p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level2 lfo1; tab-stops: list 85.05pt; margin: 6.0pt 0in 6.0pt 85.05pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New'; mso-bidi-font-weight: bold;\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong style=\"mso-bidi-font-weight: normal;\">Protection of the TSF. </strong><span style=\"mso-bidi-font-weight: bold;\">The TOE implements self-protection mechanisms that protect the security mechanisms of the TOE as well as software executed by the TOE. The following kernel-space isolation and TSF self-protection mechanisms are implemented and enforced (full details are provided in the TOE Summary Specification section of the ST):</span></p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level3 lfo1; tab-stops: list 113.4pt; margin: 6.0pt 0in 6.0pt 113.4pt;\"><!-- [if !supportLists]--><span style=\"font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings; mso-bidi-font-weight: bold;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-weight: bold;\">Address Space Layout Randomization for user space code.</span></p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level3 lfo1; tab-stops: list 113.4pt; margin: 6.0pt 0in 6.0pt 113.4pt;\"><!-- [if !supportLists]--><span style=\"font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings; mso-bidi-font-weight: bold;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-weight: bold;\">Kernel and user-space ring-based separation of processes</span></p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level3 lfo1; tab-stops: list 113.4pt; margin: 6.0pt 0in 6.0pt 113.4pt;\"><!-- [if !supportLists]--><span style=\"font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings; mso-bidi-font-weight: bold;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-weight: bold;\">Stack buffer overflow protection using stack canaries.</span></p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level3 lfo1; tab-stops: list 113.4pt; margin: 6.0pt 0in 6.0pt 113.4pt;\"><!-- [if !supportLists]--><span style=\"font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings; mso-bidi-font-weight: bold;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-weight: bold;\">Secure Boot ensures that the boot chain up to and including the kernel together with the boot image (initramfs) is not tampered with.</span></p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level3 lfo1; tab-stops: list 113.4pt; margin: 6.0pt 0in 6.0pt 113.4pt;\"><!-- [if !supportLists]--><span style=\"font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings; mso-bidi-font-weight: bold;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-weight: bold;\">Updates to the operating system are only installed after their signatures have been successfully validated.</span></p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level3 lfo1; tab-stops: list 113.4pt; margin: 6.0pt 0in 6.0pt 113.4pt;\"><!-- [if !supportLists]--><span style=\"font-family: Wingdings; mso-fareast-font-family: Wingdings; mso-bidi-font-family: Wingdings; mso-bidi-font-weight: bold;\"><span style=\"mso-list: Ignore;\">&sect;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"mso-bidi-font-weight: bold;\">Application Allow-lists restrict execution to known/trusted applications.</span></p>\r\n<p class=\"MsoBodyText\" style=\"text-indent: -28.35pt; mso-list: l0 level2 lfo1; tab-stops: list 85.05pt; margin: 6.0pt 0in 6.0pt 85.05pt;\"><!-- [if !supportLists]--><span style=\"font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong style=\"mso-bidi-font-weight: normal;\">Trusted Path/Channels. </strong><span style=\"mso-bidi-font-weight: bold;\">The TOE supports TLSv1.2 and SSHv2 to secure remote communications.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Both protocols may be used for communications with remote IT entities. Remote administration is only supported using SSHv2.</span></p>\r\n<p class=\"MsoCaption\" style=\"break-after: avoid; text-align: center;\"><a name=\"_Toc153468122\"></a><strong><a name=\"_Ref490040301\"></a><span style=\"mso-bookmark: _Toc153468122;\"><span style=\"mso-ansi-language: EN-US;\">Table </span></span><!-- [if supportFields]><span\r\nstyle='mso-bookmark:_Ref490040301'><span style='mso-bookmark:_Toc153468122'></span></span><span\r\nstyle='mso-element:field-begin'></span><span style='mso-bookmark:_Ref490040301'><span\r\nstyle='mso-bookmark:_Toc153468122'><span style='mso-ansi-language:EN-US'><span\r\nstyle='mso-spacerun:yes'> </span>SEQ Table \\* ARABIC <span style='color:#2B579A;\r\nbackground:#E6E6E6'><span style='mso-element:field-separator'></span></span></span></span></span><![endif]--><span style=\"mso-bookmark: _Ref490040301;\"><span style=\"mso-bookmark: _Toc153468122;\"><span style=\"mso-ansi-language: EN-US; mso-no-proof: yes;\">2</span></span></span><!-- [if supportFields]><span\r\nstyle='mso-bookmark:_Ref490040301'><span style='mso-bookmark:_Toc153468122'></span></span><span\r\nstyle='mso-element:field-end'></span><![endif]--><span style=\"mso-bookmark: _Toc153468122;\"><span style=\"mso-ansi-language: EN-US;\">: CAVP Certificates</span></span></strong></p>\r\n<table class=\"MsoTableGrid\" style=\"width: 100.0%; border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 1184; mso-padding-alt: 0in 5.4pt 0in 5.4pt;\" border=\"1\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead>\r\n<tr style=\"mso-yfti-irow: 0; mso-yfti-firstrow: yes;\">\r\n<td style=\"width: 16.94%; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; background: #3771C8; padding: 0in 5.4pt 0in 5.4pt;\" width=\"16%\">\r\n<p class=\"TableHeading\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Module</span></p>\r\n</td>\r\n<td style=\"width: 30.64%; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; background: #3771C8; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"30%\">\r\n<p class=\"TableHeading\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Services</span></p>\r\n</td>\r\n<td style=\"width: 39.42%; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; background: #3771C8; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"39%\">\r\n<p class=\"TableHeading\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Operational Environment</span></p>\r\n</td>\r\n<td style=\"width: 13.0%; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; background: #3771C8; padding: 0in 5.4pt 0in 5.4pt;\" width=\"13%\">\r\n<p class=\"TableHeading\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">CAVP</span></p>\r\n</td>\r\n</tr>\r\n</thead>\r\n<tbody>\r\n<tr style=\"mso-yfti-irow: 1; height: 15.65pt;\">\r\n<td style=\"width: 16.94%; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" rowspan=\"3\" valign=\"top\" width=\"16%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Linux Kernel Crypto API<br />5.14.0</span></p>\r\n</td>\r\n<td style=\"width: 30.64%; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" rowspan=\"3\" valign=\"top\" width=\"30%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Provides DRBG for OS applications and for seeding OpenSSL </span></p>\r\n</td>\r\n<td style=\"width: 39.42%; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" valign=\"top\" width=\"39%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Intel Xeon Silver 4216 <br />(Cascade Lake)</span></p>\r\n</td>\r\n<td style=\"width: 13.0%; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" rowspan=\"3\" valign=\"top\" width=\"13%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">A4770</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 2; height: 15.65pt;\">\r\n<td style=\"width: 39.42%; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" valign=\"top\" width=\"39%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Z16</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 3; height: 15.65pt;\">\r\n<td style=\"width: 39.42%; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" valign=\"top\" width=\"39%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Power10</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 4; height: 15.65pt;\">\r\n<td style=\"width: 16.94%; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" rowspan=\"3\" valign=\"top\" width=\"16%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">OpenSSL<br />3.0.1</span></p>\r\n</td>\r\n<td style=\"width: 30.64%; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" rowspan=\"3\" valign=\"top\" width=\"30%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">All other TOE cryptographic operations</span></p>\r\n</td>\r\n<td style=\"width: 39.42%; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" valign=\"top\" width=\"39%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Intel Xeon Silver 4216 <br />(Cascade Lake)</span></p>\r\n</td>\r\n<td style=\"width: 13.0%; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" rowspan=\"3\" valign=\"top\" width=\"13%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">A4771</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 5; height: 15.65pt;\">\r\n<td style=\"width: 39.42%; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" valign=\"top\" width=\"39%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Z16</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 6; mso-yfti-lastrow: yes; height: 15.65pt;\">\r\n<td style=\"width: 39.42%; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; height: 15.65pt;\" valign=\"top\" width=\"39%\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US;\">Power10</span></p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<p class=\"Body\">&nbsp;</p>","features":[]}