NIAP: Compliant Product
Compliant Product - Red Hat Enterprise Linux 8.6

Certificate Date:  2024.01.15

Validation Report Number:  CCEVS-VR-VID11309-2024

Product Type:    Operating System

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Functional Package for SSH Version 1.0
  Protection Profile for General Purpose Operating Systems Version 4.2.1

CC Testing Lab:  Acumen Security




Product Description

The TOE supports (sometimes optionally) secure connectivity with several other IT environment devices as described in the table below:

| Component | Required | Usage/Purpose/Description for TOE Performance |
|---|---|---|
| Workstation with SSH Client | No | This includes any IT Environment Management workstation with an SSH client installed that is used by the TOE users (including administrators) to remotely connect to the TOE through SSH protected channels. Any SSH client that supports SSHv2 may be used. |
| Update Server | Yes | Provides the ability to check for updates to the TOE as well as providing signed updates. |

Physical Boundaries

The TOE itself is an operating system which can be installed on any compatible hardware; as such, the TOE does not have physical boundaries.  However, the TOE was evaluated on the following hardware:

| Vendor | Model | CPU |
|---|---|---|
| Dell Inc. | PowerEdge R440 | Xeon Silver 42xx |
| Dell Inc. | PowerEdge R540 | Xeon Silver 42xx |
| Dell Inc. | PowerEdge R640 | Xeon Silver 42xx |
| Dell Inc. | PowerEdge R740 | Xeon Silver 42xx |
| Dell Inc. | PowerEdge R740XD | Xeon Silver 42xx |
| Dell Inc. | PowerEdge R840 | Xeon Silver 42xx |
| Dell Inc. | PowerEdge R940 | Xeon Silver 42xx |
| Dell Inc. | PowerEdge R940xa | Xeon Silver 42xx |
| IBM | z15 8561-T01 | IBM z15 |
| IBM | z15 8562-T02 | IBM z15 |
| IBM | z15 8561-LT1 | IBM z15 |
| IBM | z15 8562-LT2 | IBM z15 |

Dell Platforms:

The Xeon Silver 4200 series processors are 2nd Generation Intel® Xeon® Scalable Processors and implement the Cascade Lake microarchitecture.

The TOE was tested on a PowerEdge R740 with a Xeon Silver 4216 CPU.

IBM Platforms:

The TOE is one instance of RHEL 8 running on an abstract machine and has full control over the abstract machine inside an IBM z15 T01, T02, LT1, or LT2 mainframe (machine type 8561 or 8652). The abstract machine is provided by a logical partition of the z15 processor. The partition includes 5 IFL (Integrated Facility for Linux) processors. An IFL is a processor dedicated to and optimized for Linux workloads. Because of SMT, the IFLs appear as 10 logical processors allocated to the partition.

The TOE was tested on an IBM z15 T01 mainframe (machine type 8561).


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Red Hat Enterprise Linux was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Red Hat Enterprise Linux 8.6 Common Criteria Guidance, satisfies all of the security functional requirements stated in the Red Hat Enterprise Linux Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in January 2024.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The TOE provides the security functions required by PP_OS_V4.2.1 and PKG_SSH_V1.0.

Security Audit

The TOE generates and stores audit events locally using administrator defined rules.

Cryptographic Support

The TOE provides a broad range of cryptographic support, including SSHv2 and TLSv1.2 protocol implementations in addition to individual cryptographic algorithms. The cryptographic services provided by the TOE are described below, and in full detail in Section 6.2 of this document.

TOE Cryptographic Protocols

| Cryptographic Protocol | Use within the TOE |
|---|---|
| SSH Client | The TOE allows administrators and users to connect to remote SSH servers. |
| SSH Server | The TOE allows remote administrators to connect using SSH. |
| TLS Client | The TOE connects to remote trusted IT entities using TLS. |

The TOE includes the OpenSSL cryptographic library, and each cryptographic algorithm has been validated for conformance to the requirements specified in their respective standards.

| Algorithm | Related SFRs | Implementation | TOE Use | CAVP Certificate # |
|---|---|---|---|---|
| AES | FCS_COP.1(1), FCS_COP.1(1)/SSH, FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1, FCS_STO_EXT.1 | OpenSSL | SSH AES CBC and CTR modes with 128 and 256-bit keys | A1794 |
| | | | TLS AES CBC and GCM modes with 128 and 256-bit keys | A1794, A2781, A1816 |
| | | | File Encryption using AES CBC with 128 and 256-bit keys | A1794, A1117, A1118 |
| Diffie-Hellman | FCS_CKM.2, FCS_TLSC_EXT.1 | OpenSSL | TLS Diffie-Hellman Group 14 Key Establishment | Vendor affirmed. |
| DRBG | FCS_RBG_EXT.1 | OpenSSL | CTR_DRBG (AES-256) | A1794 |
| ECDSA | FCS_CKM.1, FCS_COP.1(3), FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1, FCS_TLSC_EXT.2 | | SSH ECDSA P-256 and P-384 Host Key and User Key Generation | A1823 |
| | | | SSH ECDSA P-256 and P-384 Host and User Signature Generation and Verification | A1823 |
| | | | TLS ECDSA P-256, P-384, and P-521 Client Key Generation | A1823 |
| | | | TLS ECDSA P-256, P-384, and P-521 Signature Generation and Verification | A1823 |
| HMAC | FCS_COP.1(4), FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1 | | SSH HMAC-SHA-256 and HMAC-SHA-512 | A1823 |
| | | | TLS HMAC-SHA-256, and HMAC-SHA-384 | A1823 |
| KAS-ECC-SSC | FCS_CKM.2, FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.2 | | SSH EC Diffie-Hellman P-256, P-384, and P-521 Key Establishment | A1823 |
| | | | TLS EC Diffie-Hellman P-256, P-384, and P-521 Key Establishment | A1823 |
| RSA | FCS_CKM.1, FCS_CKM.2, FCS_COP.1(3), FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1, FPT_TST_EXT.1, FPT_TUD_EXT.1, FPT_TUD_EXT.2 | | SSH RSA 2048-bit, 3072-bit, and 4096-bit Host Key and User Key Generation | A1823 |
| | | | SSH RSA 2048-bit, 3072-bit, and 4096-bit Host and User Signature Generation and Verification | A1823 |
| | | | TLS RSA 2048-bit, 3072-bit, and 4096-bit Client Key Generation | A1823 |
| | | | TLS RSA 2048-bit, 3072-bit, and 4096-bit Key Establishment | A1823 |
| | | | TLS RSA 2048-bit, 3072-bit, and 4096-bit Signature Generation and Verification | A1823 |
| | | | Self-Test RSA 2048 Signature Verification | A1823 |
| | | | Trusted Update RSA 4096 Signature Verification | A1823 |
| SHS | FCS_COP.1(2), FCS_SSHC_EXT.1, FCS_SSHS_EXT.1 | | SHA-256, SHA-384, and SHA-512 Hash | A1823 |
| | | | SHA-256, SHA-384, and SHA-512 for Digital Signatures and HMACs | A1823 |


The OpenSSL library provides the TLS Client function. The OpenSSL library also provides the cryptographic algorithms for the SSH Client, SSH Server, trusted update, and secure boot security functions. 

The TOE also provides a kernel cryptographic API (KCAPI), which implements an SP 800-90A compliant HMAC_DRBG to generate high-security random output for key generation or seed material.

User Data Protection

Discretionary Access Control (DAC) allows the TOE to assign owners to file system objects and Inter-Process Communication (IPC) objects. The owners are allowed to modify Unix-type permission bits for these objects to permit or deny access for other users or groups. The DAC mechanism also ensures that untrusted users cannot tamper with the TOE mechanisms.

The TOE also implements POSIX Access Control Lists (ACLs) that allow the specification of the access to individual file system objects down to the granularity of a single user.

Identification and Authentication

User identification and authentication in the TOE includes all forms of interactive login (e.g. using the SSH protocol or log in at the local console) as well as identity changes through the su or sudo command. These all rely on explicit authentication information provided interactively by a user.

The authentication security function allows password-based authentication. For SSH access, public-key-based authentication is also supported.

The TOE offers password quality enforcement mechanisms, which are enforced at the time the password is changed.

Security Management

The security management facilities provided by the TOE are usable by authorized users and/or authorized administrators to modify the configuration of the TSF.

TOE Access

The TOE displays informative banners before users are allowed to establish a session.

Protection of the TSF

The TOE implements self-protection mechanisms that protect the security mechanisms of the TOE as well as software executed by the TOE. The following kernel-space isolation and TSF self-protection mechanisms are implemented and enforced (full details are provided in the TSS):

- Address Space Layout Randomization for user space code.
- Kernel and user-space ring-based separation of processes.
- Stack buffer overflow protection using stack canaries.
- Secure Boot ensures that the boot chain up to and including the kernel together with the boot image (initramfs) is not tampered with.
- Updates to the operating system are only installed after their signatures have been successfully validated.
- Application Whitelisting restricts execution to known/trusted applications.


Trusted Path/Channels

The TOE supports TLSv1.2 and SSHv2 to secure remote communications.  Both protocols may be used for communications with remote IT entities. Remote administration is only supported using SSHv2.

 


Vendor Information


Red Hat, Inc.
Jaroslav Reznik
+420 602 797 774
jreznik@redhat.com

www.redhat.com