NIAP: Compliant Product
Compliant Product - Red Hat Enterprise Linux 9.0 EUS

Certificate Date:  2024.01.09

Validation Report Number:  CCEVS-VR-VID11379-2024

Product Type:
  Remote Access
  Network Encryption
  Operating System

Conformance Claim:  Protection Profile Compliant

PP Identifier:
  Functional Package for SSH Version 1.0
  Functional Package for TLS Version 1.1
  Protection Profile for General Purpose Operating Systems Version 4.3

CC Testing Lab:  Lightship Security USA, Inc.


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

This Security Target (ST) defines the Red Hat Enterprise Linux 9.0 EUS Target of Evaluation (TOE) for the purposes of Common Criteria (CC) evaluation. Red Hat Enterprise Linux 9.0 EUS is an open-source operating system that supports a general-purpose computing environment for multiple users and applications.


Evaluated Configuration

The TOE was evaluated on the following hardware:

 

Table 1 - Evaluated Hardware

| Vendor | Model            | CPU                             |
|--------|------------------|---------------------------------|
| Dell   | PowerEdge R440   | Xeon Silver 4216 (Cascade Lake) |
| IBM    | z16 3931-A01     | IBM z16                         |
| IBM    | POWER10 9080-HEX | Power10                         |


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Red Hat Enterprise Linux 9.0 EUS was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5. The product, when configured as identified in the Red Hat Enterprise Linux 9.0 EUS Common Criteria Guide, satisfies all of the security functional requirements stated in the Red Hat Enterprise Linux 9.0 EUS Security Target (ST). The project underwent CCEVS Validator review. The evaluation was completed in January 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The TOE is an open-source, general purpose operating system (OS) that supports multiple users, user permissions, access controls, and cryptographic functionality.

The expected use cases (as defined by PP_OS_V4.3) for the TOE are:

- Server System. The OS provides a platform for server-side services, either on physical or virtual hardware.

- Cloud System. The OS provides a platform for providing cloud services running on physical or virtual hardware.

Users interact with the TOE locally (console) or remotely (SSH) via a CLI.

The TOE provides the following security functions:

- Security Audit. The TOE generates and stores security relevant audit events. These logs are stored locally and are protected by restricting access to system administrators only.

- Cryptographic Support. The TOE implements cryptographic operations in support of its security functions. Relevant CAVP certificates are listed in Table 2.

- User Data Protection. The TOE implements access controls to prevent unauthorized access to files and directories.

- Identification and Authentication. The TOE supports password and public-key authentication. The TOE supports a configurable password and account lockout policy.

- Security Management. The security management facilities provided by the TOE are usable by authorized users and/or authorized administrators to modify the configuration of TSF.

- TOE Access. The TOE displays informative banners before users are allowed to establish a session.

- Protection of the TSF. The TOE implements self-protection mechanisms that protect the security mechanisms of the TOE as well as software executed by the TOE. The following kernel-space isolation and TSF self-protection mechanisms are implemented and enforced (full details are provided in the TOE Summary Specification section of the ST):

  - Address Space Layout Randomization for user space code.

  - Kernel and user-space ring-based separation of processes.

  - Stack buffer overflow protection using stack canaries.

  - Secure Boot ensures that the boot chain up to and including the kernel together with the boot image (initramfs) is not tampered with.

  - Updates to the operating system are only installed after their signatures have been successfully validated.

  - Application Allow-lists restrict execution to known/trusted applications.

- Trusted Path/Channels. The TOE supports TLSv1.2 and SSHv2 to secure remote communications. Both protocols may be used for communications with remote IT entities. Remote administration is only supported using SSHv2.

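Table 2: CAVP Certificates

| Module                         | Services                                                  | Operational Environment               | CAVP  |
|--------------------------------|-----------------------------------------------------------|---------------------------------------|-------|
| Linux Kernel Crypto API 5.14.0 | Provides DRBG for OS applications and for seeding OpenSSL | Intel Xeon Silver 4216 (Cascade Lake) | A4770 |
|                                |                                                           | Z16                                   |       |
|                                |                                                           | Power10                               |       |
| OpenSSL 3.0.1                  | All other TOE cryptographic operations                    | Intel Xeon Silver 4216 (Cascade Lake) | A4771 |
|                                |                                                           | Z16                                   |       |
|                                |                                                           | Power10                               |       |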

 


Vendor Information


Red Hat, Inc.
Jaroslav Reznik
+420 532 294 645
jreznik@redhat.com

http://www.redhat.com