NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Red Hat Enterprise Linux 8.2

Certificate Date:  2022.03.09

Validation Report Number:  CCEVS-VR-VID11202-2022

Product Type:    Operating System

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for General Purpose Operating Systems Version 4.2.1
  Extended Package for Secure Shell (SSH) Version 1.0

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The TOE supports (sometimes optionally) secure connectivity with several other IT environment devices as described in the table below:

Component

Required

Usage/Purpose Description for TOE performance

Workstation with SSH Client

No

This includes any IT Environment Management workstation with an SSH client installed that is used by the TOE users (including administrators) to remotely connect to the TOE through SSH protected channels. Any SSH client that supports SSHv2 may be used.

Audit Server

No

The audit server is used for remote storage of audit records that have been generated by and transmitted from the TOE.

Update Server

Yes

Provides the ability to check for updates to the TOE as well as providing signed updates.

Physical Boundaries

The TOE itself does not have physical boundaries; however, the TOE was evaluated on the following hardware:

Vendor

Model

CPU

Dell Inc.

PowerEdge R440

Xeon Silver 42xx

Dell Inc.

PowerEdge R540

Xeon Silver 42xx

Dell Inc.

PowerEdge R640

Xeon Silver 42xx

Dell Inc.

PowerEdge R740

Xeon Silver 42xx

Dell Inc.

PowerEdge R740XD

Xeon Silver 42xx

Dell Inc.

PowerEdge R840

Xeon Silver 42xx

Dell Inc.

PowerEdge R940

Xeon Silver 42xx

Dell Inc.

PowerEdge R940xa

Xeon Silver 42xx

The Xeon Silver 4200 series processors are 2nd Generation Intel® Xeon® Scalable Processors and implement the Cascade Lake microarchitecture.

The TOE was tested on a PowerEdge R740 with a Xeon Silver 4216 CPU.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Red Hat Enterprise Linux was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Red Hat Enterprise Linux 8.2 CC Guidance, satisfies all of the security functional requirements stated in the Red Hat Enterprise Linux 8.2 Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in March 2022.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The TOE provides the security functionality required by [GPOSPP] and [SSHEP].

Security Audit

The TOE generates and stores audit events using the Lightweight Audit Framework (LAF). The LAF is designed to be an audit system making Linux compliant with the requirements from Common Criteria by intercepting all system calls and retrieving audit log entries from privileged user space applications. The framework allows configuring the events to be recorded from the set of all events that are possible to be audited. Each audit record contains the date and time of event, type of event, subject identity, user identity, and result (success/fail) of the action if applicable.

Cryptographic Support

The TOE provides a broad range of cryptographic support; providing SSHv2 and TLSv1.2 protocol implementations in addition to individual cryptographic algorithms.

The cryptographic services provided by the TOE are described below:

 Cryptographic Protocol

 Use within the TOE

SSH Client

The TOE allows administrators and users to connect to remote SSH servers.

SSH Server

The TOE allows remote administrators to connect using SSH.

TLS Client

The TOE connects to remote trusted IT entities using TLS.

Table 1 TOE Cryptographic Protocols

The TOE includes the OpenSSL cryptographic library. Each cryptographic algorithm has been validated for conformance to the requirements specified in their respective standards as identified below:

 Algorithm

 Related SFRs

 TOE Use

 CAVP Certificate #

OpenSSL 1.1.1c with algorithm version rhel8.20210325cc

AES

FCS_COP.1(1)

FCS_COP.1(1)/SSH

FCS_SSHC_EXT.1

FCS_SSHS_EXT.1

FCS_TLSC_EXT.1

FCS_STO_EXT.1

SSH AES CBC and CTR modes with 128 and 256-bit keys

TLS AES CBC and GCM modes with 128 and 256-bit keys

File Encryption using AES CBC with 128 and 256-bit keys

A2222

Diffie-Hellman

FCS_CKM.2

FCS_TLSC_EXT.1

TLS Diffie-Hellman Group 14 Key Establishment

N/A

DRBG

FCS_RBG_EXT.1

CTR_DRBG (AES-256)

A2222

ECDSA

FCS_CKM.1

FCS_COP.1(3)

FCS_SSHC_EXT.1

FCS_SSHS_EXT.1

FCS_TLSC_EXT.1

FCS_TLSC_EXT.2

SSH ECDSA P-256 and P-384 Host Key and User Key Generation

SSH EC Diffie-Hellman P-256, P-384, and P-521 Key Generation

SSH ECDSA P-256 and P-384 Host and User Signature Generation and Verification

TLS ECDSA P-256, P-384, and P-521 Client Key Generation

TLS EC Diffie-Hellman P-256, P-384, and P-521 Key Generation

TLS ECDSA P-256, P-384, and P-521 Signature Generation and Verification

A2222

HMAC

FCS_COP.1(4)

FCS_SSHC_EXT.1

FCS_SSHS_EXT.1

FCS_TLSC_EXT.1

SSH HMAC-SHA-256 and HMAC-SHA-512

TLS HMAC-SHA-256, and HMAC-SHA-384

TLS HMAC-SHA-256 and HMAC-SHA-384 Key Derivation

A2222

KAS

FCS_CKM.2

FCS_SSHC_EXT.1

FCS_SSHS_EXT.1

FCS_TLSC_EXT.2

SSH EC Diffie-Hellman P-256, P-384, and P-521 Key Establishment

TLS EC Diffie-Hellman P-256, P-384, and P-521 Key Establishment

A2222

RSA

FCS_CKM.1

FCS_CKM.2

FCS_COP.1(3)

FCS_SSHC_EXT.1

FCS_SSHS_EXT.1

FCS_TLSC_EXT.1

FPT_TST_EXT.1

FPT_TUD_EXT.1

FPT_TUD_EXT.2

SSH RSA 2048-bit, 3072-bit, and 4096-bit Host Key and User Key Generation

SSH RSA 2048-bit, 3072-bit, and 4096-bit Host and User Signature Generation and Verification

TLS RSA 2048-bit, 3072-bit, and 4096-bit Client Key Generation

TLS RSA 2048-bit, 3072-bit, and 4096-bit Key Establishment (CAVP certificate is N/A)

TLS RSA 2048-bit, 3072-bit, and 4096-bit Signature Generation and Verification

Self-Test RSA 2048 Signature Verification

Trusted Update RSA 4096 Signature Verification

A2222

SHS

FCS_COP.1(2)

FCS_SSHC_EXT.1

FCS_SSHS_EXT.1

SHA-256, SHA-384, and SHA-512 Key Derivation

SHA-256, SHA-384, and SHA-512 for Digital Signatures and HMACs

A2222

Table 2 CAVP Algorithm Testing References

The OpenSSL library provides the TLS Client function. The OpenSSL library also provides the cryptographic algorithms for the SSH Client, SSH Server, trusted update, and secure boot security functions.

User Data Protection

Discretionary Access Control (DAC) allows the TOE to assign owners to file system objects and Inter-Process Communication (IPC) objects. The owners are allowed to modify Unix-type permission bits for these objects to permit or deny access for other users or groups. The DAC mechanism also ensures that untrusted users cannot tamper with the TOE mechanisms.

The TOE also implements POSIX Access Control Lists (ACLs) that allow the specification of the access to individual file system objects down to the granularity of a single user.

Identification and Authentication

User identification and authentication in the TOE includes all forms of interactive login (e.g. using the SSH protocol or log in at the local console) as well as identity changes through the su or sudo command. These all rely on explicit authentication information provided interactively by a user.

The authentication security function allows password-based authentication. For SSH access, public-key-based authentication is also supported.

Password quality enforcement mechanisms are offered by the TOE which are enforced at the time when the password is changed.

Security Management

The security management facilities provided by the TOE are usable by authorized users and/or authorized administrators to modify the configuration of TSF.

Protection of the TSF

The TOE implements self-protection mechanisms that protect the security mechanisms of the TOE as well as software executed by the TOE. The following self-protection mechanisms are implemented and enforced:

  • Address Space Layout Randomization for user space code.
  • Stack buffer overflow protection using stack canaries.
  • Secure Boot ensuring that the boot chain up to and including the kernel together with the boot image (initramfs) is not tampered with.
  • Updates to the operating system are only installed after their signatures have been successfully validated.
  • Application Whitelisting restricts execution to known/trusted applications.

TOE Access

The TOE displays informative banners before users are allowed to establish a session.

Trusted Path/Channels

The TOE supports TLSv1.2 and SSHv2 to secure remote communications.  Both protocols may be used for communications with remote IT entities. Remote administration is only supported using SSHv2.


Vendor Information


Red Hat, Inc.
Jaroslav Reznik
+420 532 294 645
jreznik@redhat.com

www.redhat.com
Site Map              Contact Us              Home