Red Hat, a leading provider of open source solutions has announced that its JBoss Enterprise Application Platform (EAP) 6.2 has been awarded the Common Criteria Certification at Evaluation Assurance Level (EAL) 4+ – the highest level of assurance for a commercial middleware platform.
This certification delivers government agencies, financial institutions, and customers in other security-sensitive environments the assurance that Red Hat JBoss EAP 6.2 meets government security standards.
It’s worth mentioning that, Common Criteria is an internationally acknowledged set of standards used by the federal government and organizations to evaluate the security and assurance of technology products. The Common Criteria Certification cannot guarantee security, but it can guarantee that claims about the security attributes of the evaluated product were individually verified.
To recap, JBoss EAP 5.1.0 and 5.1.1 also achieved Common Criteria certification at the EAL4+ assurance level in 2012.
Paul Smith, VP and GM, Public Sector, Red Hat said, “We’re exceptionally proud that Red Hat JBoss Enterprise Application Platform has, once again, been granted Common Criteria Certification. It’s an important distinction that tells our customers that when they use Red Hat JBoss Enterprise Application Platform they’re using a Java EE server that’s highly secure. In short, they have the confidence that comes from knowing that their sensitive applications, services and data is on a platform that meets these rigorous security standards. Common Criteria accreditation is a high water mark for security standards. It is a non-trivial effort in terms of labor and economic investment, and is part of the value of the Red Hat subscription that differentiates enterprise-class open source from the projects from which they are derived.”
Kenneth Hake, Common Criteria laboratory manager, atsec U.S said, “We are proud to continue to be Red Hat’s laboratory of choice for evaluating its products for Common Criteria Certification. The completion of this certification for JBoss Enterprise Application Platform 6.2 means that the product meets rigorous security standards at the EAL 4+. The evaluation included the security functionality of Access Control, Role Based Access Control for management interfaces, Audit, Clustering, Identification and Authentication, and Transaction Rollback within the scope.”