Red Hat on Thursday announced that JBoss Enterprise Application Platform 5.1.0 and 5.1.1 have been awarded Common Criteria certification at Evaluation Assurance Level 4 (EAL4+) under the Common Criteria Evaluation and Certification Scheme (CCS). Common Criteria is a set of internationally approved criteria for evaluating and certifying the information security of IT products and information systems, and EAL4+ is the highest assurance level that is recognized globally by all signatories under the Common Criteria Recognition Agreement for this category of solutions. This certification also marks the highest level of Common Criteria certification for the JBoss Enterprise Middleware portfolio.

“Security remains one of the most important considerations for security-conscious industries like government, financial services and healthcare considering new technology solutions, and achieving Common Criteria certification gives customers the added confidence that our solutions meet specific, internationally recognized benchmarks for security performance,” explained Paul Smith, general manager and vice president, public sector operations, Red Hat. “We made the commitment to upgrade our Common Criteria certification for the JBoss Enterprise Application Platform from EAL2 to EAL4+, and achieving the highest available certification level is a testament to our ongoing efforts to meeting the needs of security-conscious government organizations and businesses.”

To facilitate this certification, Red Hat worked with atsec information security, a government accredited laboratory in the United States and Germany, that tested and validated the security, performance and reliability of the solution against the Common Criteria Standard for Information Security Evaluation (ISO/IEC 15408) at EAL4+. Their tests, and the resulting certification, validate JBoss Enterprise Application Platform as one of the most trusted platforms for building, deploying, and hosting enterprise Java applications and services.

“We are proud that Red Hat chose atsec as the laboratory for the Common Criteria evaluation, as this project continues our successful business relationship with Red Hat,” said Ken Hake, Common Criteria laboratory manager for atsec U.S. “Red Hat’s completion of this Common Criteria project will result in more assurance for customers who run JBoss Enterprise Middleware in business critical environments.”

This certification supports Red Hat's reputation as leader in providing solutions that are designed for security-sensitive environments and government use. To date, Red Hat has achieved 16 different Common Criteria certifications, including 13 certifications for Red Hat Enterprise Linux across four different hardware platforms. Red Hat Enterprise Linux 5 has achieved Common Criteria certification at EAL4+ under the Controlled Access Protection Profile (CAPP), Label Security Protection Profile (LSPP), and the Role-Based Access Control Protection Profile (RBACPP), providing a leading level of security and assurance from a mainstream operating system.

Continuing this commitment, Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6 are both currently “In Evaluation” for Common Criteria Certification at EAL4+, with the inclusion of the KVM Hypervisor.