Compliance Activities and Government Standards
Table of Contents
COMMON CRITERIA
Common Criteria (CC) is an international standard (ISO/IEC 15408) for certifying computer security software. Using Protection Profiles, computer systems can be secured to certain levels that meet requirements laid out by the Common Criteria. Learn more from the Common Criteria FAQ on the Red Hat Customer Portal.
PRODUCT | RELEASE | LEVEL | PROTECTION PROFILE | DOCUMENTATION & PLATFORMS | STATUS |
---|---|---|---|---|---|
JBoss Enterprise Application Platform | 7.2 | EAL4+ | -- | Security Target Validation Report Configuration Guide |
Evaluated |
Red Hat Certificate System | 10.4 | -- | CAPP v2.1 | Certificate Security Target Validation Report |
Evaluated |
Red Hat Certificate System | 9.4 | -- | CAPP v2.1 | Archived | |
Red Hat Virtualization | 4.3 | EAL2+ | -- | Certification Report, Security Target Configuration Guide, Administration Guide, Planning and Prerequisites Guide, Product Guide, Technical Reference |
Evaluated |
Red Hat Enterprise Linux | 9.4 | PP Compliant | PP_OS_V4.3 + PKG_SSH_V1.0 + PKG_TLS_V1.1 | Intel x86_64 (UEFI), IBM z16 (LPAR), IBM Power 10 (LPAR) | In Evaluation |
Red Hat Enterprise Linux | 9.0 | PP Compliant | PP_OS_V4.3 + PKG_SSH_V1.0 + PKG_TLS_V1.1 | Intel x86_64 (UEFI), IBM z16 (LPAR), IBM Power 10 (LPAR) Certificate Security Target Validation Report Administrative Guide |
Evaluated |
Red Hat Enterprise Linux | 8.6 | PP Compliant | PP_OS_V4.2.1 + PKG_SSH_V1.0 | Dell/Intel, IBM z15 (LPAR) Certificate Security Target Validation Report Administrative Guide |
Evaluated |
Red Hat Enterprise Linux | 8.2 | PP Compliant | OSPP v4.2.1 + SSH EP v1.0 | Archived | |
Red Hat Enterprise Linux | 8.1 | PP Compliant | OSPP v4.2.1 + SSH EP v1.0 | Archived | |
Red Hat Enterprise Linux | 7.6 | PP Compliant | OSPP v4.2.1 + SSH EP v1.0 | Archived | |
Red Hat Enterprise Linux | 7.x | EAL4+ | OSPP v2.0 | Dell, Page 23-24 HP, Page 23-24 IBM, Page 23-24 Certificate Report, Security Target |
Archived |
Red Hat Enterprise Linux | 7.x | EAL4+ | OSPP v3.9 | Dell HP IBM Certificate Report, Security Target |
Archived |
Common Criteria Certificates Archive - Historical or End Of Life releases list.
FIPS 140-2 and FIPS 140-3
Federal Information Processing Standard 140-2 and 140-3 demonstrate that cryptographic tools implement their algorithms properly. There are a number of FIPS 140-2-related articles in the Red Hat Customer Portal. You'll find a complete list of all FIPS 140-2 and FIPS 140-3 certificates at the NIST CMVP website. The Red Hat certificates are below.
A note on applicability: The exact platform and environment tested is specified in the Security Policy for each certificate, though generally applicable to other Red Hat products where the binary versions of modules are running unmodified as well. FIPS 140 certificates issued to Red Hat are not generally applicable to non-Red Hat products. Please see the Security Policy, available at the links that follow, for specifics. Module binaries may be unchanged across Red Hat Enterprise Linux minor releases. In this case Red Hat reports the same applicable module version and certificate for such releases.
Red Hat Enterprise Linux 9.4
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
OpenSSL | 3.0.7-395c1a240fbfffd8 | openssl-fips-provider-3.0.7-2.el9 | Active | #4857 |
Libgcrypt | 1.10.0-8b6840b590cedd43 | libgcrypt-1.10.0-10.el9_2 | Active | #4754 |
Kernel Cryptographic API | TBD | TBD | -- | N/A |
GnuTLS | TBD | gnutls-3.8.3-1.el9 | -- | N/A |
NSS | TBD | TBD | -- | N/A |
Red Hat Enterprise Linux 9.2
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
OpenSSL | 3.0.7-395c1a240fbfffd8 | openssl-3.0.7-18.el9_2 | Active | #4857 |
Libgcrypt | 1.10.0-8b6840b590cedd43 | libgcrypt-1.10.0-10.el9_2 | Active | #4754 |
Kernel Cryptographic API | kernel 5.14.0-284.57.1.el9_2, libkcapi 1.3.1-3.el9 | kernel-5.14.0-284.57.1.el9_2, libkcapi-1.3.1-3.el9, libkcapi-hmaccalc-1.3.1-3.el9 | Review Pending | N/A |
GnuTLS | 3.7.6-074d015ce201f434 | gnutls-3.7.6-21.el9_2.1, nettle-3.8-3.el9_0.x86_64 | Active | #4846 |
NSS | 3.90.0-4408e3bb8a34af3a | nss-3.90.0-6.el9_2 | Review Pending | N/A |
Red Hat Enterprise Linux 9.0
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
OpenSSL | 3.0.1-3f45e68ee408cd9c | openssl-3.0.1-46.el9_0.3 | Active | #4746 |
Libgcrypt | 1.10.0-8b6840b590cedd43 | libgcrypt-1.10.0-10.el9_0 | Active | #4754 |
Kernel Cryptographic API | kernel 5.14.0-70.53.1.el9_0, libkcapi 1.3.1-3.el9 | kernel-5.14.0-70.53.1.el9_0, libkcapi-1.3.1-3.el9, libkcapi-hmaccalc-1.3.1-3.el9 | Active | #4796 |
GnuTLS | 3.7.6-66803fa128d6a6e5 | gnutls-3.7.6-19.el9_0 | Active | #4780 |
NSS | 4.34.0-a20cd33fbbe14357 | nss-softokn-3.79.0-18.el9_0, nss-softokn-freebl-3.79.0-18.el9_0 | Active | #4774 |
Tested on Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216, IBM z16, and IBM Power10
Red Hat Enterprise Linux 8.10
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
OpenSSL | rhel8.20231130 | openssl-1.1.1k-12.el8_9 | Active | #4642 |
Kernel Cryptographic API | TBD | TBD | --- | N/A |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-7.el8_6 | Active | #4438 |
Red Hat Enterprise Linux 8.9
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
OpenSSL | rhel8.20231130 | openssl-1.1.1k-12.el8_9 | Active | #4642 |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-7.el8_6 | Active | #4438 |
Red Hat Enterprise Linux 8.8
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
OpenSSL | rhel8.20231130 | openssl-1.1.1k-12.el8_8 | Active | #4642 |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-7.el8_6 | Active | #4438 |
Kernel Cryptographic API | TBD | TBD | Implementation Under Test | N/A |
NSS | TBD | nss-3.90.0-6.el8_8 | Implementation Under Test | N/A |
GnuTLS | rhel8.20240328 | gnutls-3.6.16-7.el8_8.3 | Active | #4428 |
Tested on Red Hat Enterprise Linux 8 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216, IBM z15, IBM POWER9 and IBM Power10
Red Hat Enterprise Linux 8.7
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-7.el8_6 | Active | #4438 |
GnuTLS | rhel8.20220830 | gnutls-3.6.16-5.el8_6 | Replaced by rhel8.20240328 | N/A |
Red Hat Enterprise Linux 8.6
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
OpenSSL | rhel8.20231130 | openssl-1.1.1k-12.el8_6 | Active | #4642 |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-7.el8_6 | Active | #4438 |
Kernel Cryptographic API | kernel 4.18.0-372.52.1.el8_6, libkcapi 1.2.0-2.el8 | kernel-4.18.0-372.52.1.el8_6, libkcapi-1.2.0-2.el8, libkcapi-hmaccalc-1.2.0-2.el8 | Active | #4804 |
GnuTLS | rhel8.20220830 | gnutls-3.6.16-5.el8_6 | Replaced by rhel8.20240328 | N/A |
NSS | rhel8.20211124 | nss-3.67.0-7.el8_5 | Active | #4458 |
Tested on Red Hat Enterprise Linux 8 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216, IBM z15, IBM POWER9 and IBM Power10
Red Hat Enterprise Linux 8.5
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
OpenSSL | rhel8.20220323 | openssl-1.1.1k-6.el8_5 | Active | #4642 |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-6.el8 | Updated | N/A |
Kernel Cryptographic API | rhel8.20211004 | kernel-4.18.0-348.el8 | Active | #4434 |
NSS | rhel8.20210708 | 3.67.0-6.el8_4 | Updated | N/A |
GnuTLS | rhel8.20210628 | gnutls-3.6.16-4.el8 | Updated | N/A |
Red Hat Enterprise Linux 8.4
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
OpenSSL | rhel8.20210325 | openssl-1.1.1g-15.el8_3 | Active | #4271 |
Libgcrypt | rhel8.20200615 | libgcrypt-1.8.5-4.el8 | Active | #4397 |
Kernel Cryptographic API | rhel8.20210614 | kernel-4.18.0-305.7.1.el8_4 | Active | #4384 |
GnuTLS | rhel8.20210401 | gnutls-3.6.14-8.el8_3 | Active | #4272 |
NSS | rhel8.20201215 | nss-3.53.1-17.el8_3 | Active | #4413 |
Red Hat Enterprise Linux 7.9
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
Kernel Cryptographic API | rhel7.20210526 | kernel-3.10.0-1160.31.1.el7 | Active | #3939 |
Red Hat Enterprise Linux 7.8
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
Kernel Cryptographic API | rhel7.20200812 | kernel-3.10.0-1127.19.1.el7 | Active | #3939 |
Red Hat Enterprise Linux 7.7
Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
---|---|---|---|---|
OpenSSL | rhel7.20190409 | openssl-1.0.2k-19.el7 | Historical | #3867 |
Kernel Cryptographic API | rhel7.20200812 | kernel-3.10.0-1127.19.1.el7 | Active | #3939 |
GnuTLS | 7.0 | gnutls-3.3.29-9.el7_6.x86_64.rpm | Historical | #3571 |
NSS | rhel7.20190606 | nss-softokn-3.44.0-5.el7 | Active | #4498 |
OpenSSH Server | rhel7.20190626 | openssh-7.4p1-21.el7 | Historical | #3891 |
OpenSSH Client | rhel7.20190626 | openssh-7.4p1-21.el7 | Historical | #3892 |
Libreswan | rhel7.20190509 | libreswan-3.25-4.8.el7_6 | Historical | #3563 |
Historical due to SP 800-56Arev3 transition - Agencies may make a risk determination on whether to continue using this module based on their own assessment of where and how it is used but should not be included in new procurements.
FIPS 140-2 and 140-3 Certificates Archive - Historical or End Of Life releases list.
Secure Technical Implementation Guidelines (STIG)
Any DOD system must meet the STIG requirements before they are fielded. Below you'll find a list of guidance documents that can help you meet the STIG requirements. You can now apply STIG requirements with ease using the OpenSCAP tools and the scap-security-guide package for security policies. SCAP is U.S. standard maintained by National Institute of Standards and Technology (NIST). The OpenSCAP project is a collection of open source tools for implementing and enforcing this standard, and has been awarded the SCAP 1.2 certification by NIST.
PRODUCT | GUIDANCE | STATUS |
---|---|---|
JBoss Enterprise Application Platform 5 | NIST NVD checklist | Draft |
JBoss Enterprise Application Platform 6 | DISA | Released |
Red Hat Enterprise Linux 6 | DISA | Released |
Red Hat Enterprise Linux 7 | DISA | Released |
Red Hat Enterprise Linux 8 | DISA | Released |
Red Hat Enterprise Linux 9 | DISA | Released |
Red Hat Openshift Container Platform 4 | DISA | Released |
Criminal Justice Information Services (CJIS)
The CJIS Security Policy contains information security requirements, guidelines, and agreements reflecting the will of law enforcement and criminal justice agencies for protecting the sources, transmission, storage, and generation of Criminal Justice Information (CJI).
PRODUCT | GUIDANCE | STATUS |
---|---|---|
Red Hat Enterprise Linux 7 | NIST NVD checklist | Final |
US Government Configuration Baseline (USGCB)
The USGCB provides a minimum security configuration for software products. Red Hat has worked closely with various US government agencies on this guidance, which provides an excellent starting point for agency and program-specific guidance.
PRODUCT | CONTENT | STATUS |
---|---|---|
Red Hat Enterprise Linux 5 | NIST | Draft |
Red Hat Enterprise Linux 6 | scap-security-guide | In development |
Red Hat Enterprise Linux 7 | DRAFT | Public Draft with NIST |
USGv6-r1 TESTED PRODUCT LIST
Listing of USGv6-r1 tested devices for Red Hat, Inc.
PRODUCT | RELEASE | APPLICABILITY | TEST SUITES | SDOC |
---|---|---|---|---|
Red Hat Enterprise Linux | 9.2 | Red Hat Enterprise Linux for Real Time 9.2 | Core Interoperability v1.4, Core Conformance v1.4, SLAAC Interoperability v1.4, SLAAC Conformance v1.2, Addr Arch Interoperability v1.2, Addr Arch Conformance v1.2, IPsec Interoperability v1.0, IPsec Conformance v1.0 * Notes, IPsec-SHA-512 Interoperability v1.0, IPsec-SHA-512 Conformance v1.0 | SDoc |
Red Hat Enterprise Linux | 9.0 | Red Hat Enterprise Linux for Real Time 9.0 | Core Interoperability v1.3, Core Conformance v1.3, SLAAC Interoperability v1.3, SLAAC Conformance v1.2, Addr Arch Interoperability v1.2, Addr Arch Conformance v1.2, IPsec Interoperability v1.0, IPsec Conformance v1.0 * Notes, IPsec-SHA-512 Interoperability v1.0, IPsec-SHA-512 Conformance v1.0 | SDoc |
Red Hat Enterprise Linux | 8.6 | Red Hat Enterprise Linux for Real Time 8.6, Red Hat Enterprise Linux CoreOS (8.6 based), Red Hat OpenStack Platform 16.2, Red Hat Virtualization 4.4 SP1, OpenShift Container Platform 4.11 | Core Interoperability v1.4, Core Conformance v1.4, SLAAC Interoperability v1.4, SLAAC Conformance v1.2, Addr Arch Interoperability v1.2, Addr Arch Conformance v1.2 | SDoc |
Red Hat Enterprise Linux | 8.4 | Red Hat Enterprise Linux for Real Time 8.4, Red Hat Enterprise Linux CoreOS (8.4 based), Red Hat OpenStack Platform 16.2, Red Hat Virtualization 4.4.6, OpenShift Container Platform 4.8 | Core Interoperability v1.2, Core Conformance v1.1, SLAAC Interoperability v1.2, SLAAC Conformance v1.0, Addr Arch Interoperability v1.1, Addr Arch Conformance v1.0 | SDoc |
USGv6 TESTED PRODUCT LIST
Listing of USGv6 tested devices for Red Hat, Inc. Please see SDoc for * Notes.
PRODUCT | RELEASE | TEST SUITES | SDOC |
---|---|---|---|
Red Hat Enterprise Linux | 8.2 | Basic Interoperability v1.2, Basic Conformance v1.3, SLAAC Interoperability v1.3, SLAAC Conformance v1.2, Addr Arch Interoperability v1.2, Addr Arch Conformance v1.3, ESP Interoperability v1.1 *Notes, ESP Conformance v1.1, IKEv2 Interoperability v2.0 *Notes, IKEv2 Conformance v1.1 *Notes, IPsecv3 Interoperability v1.2 *Notes, IPsecv3 Conformance v1.3 | SDoc |
Red Hat Enterprise Linux | 7.1 | Basic Interoperability v1.1, Basic Conformance v1.2, SLAAC Interoperability v1.2, SLAAC Conformance v1.1, Addr Arch Interoperability v1.1, Addr Arch Conformance v1.2, DHCPv6 Server Interoperability v1.0, ESP Interoperability v1.1, ESP Conformance v1.1, DHCPv6 Client Interoperability v1.0, DHCPv6 Client Conformance v1.0, IKEv2 Interoperability v2.0, IKEv2 Conformance v1.1 *Notes, IPsecv3 Interoperability v1.2, IPsecv3 Conformance v1.3 | SDoc |
For previous releases or more information, please consult the USGv6 Tested Registry page. Please see SDoc for * Notes.
SECTION 508
Section 508 requires that government agencies assure that their software is accessible by those with disabilities. Red Hat supports these requirements with the completed Accessibility Conformance Reports below.
PRODUCT | VERSION | ACR |
---|---|---|
Ansible Core | 2 | Download |
Ansible Tower | 3 | Download |
Ansible Automation Platform | 1.2 | Download |
Ansible Automation Platform | 2 | Download |
Red Hat Enterprise Linux | 4 | Download |
Red Hat Enterprise Linux | 5 | Download |
Red Hat Enterprise Linux | 6 | Download |
Red Hat Enterprise Linux | 7 | Download |
Red Hat Enterprise Linux | 8 | Download |
Red Hat Enterprise Linux | 9.1 | Download |
Red Hat Satellite | 5 | Download |
Red Hat Satellite | 6 | Download |
Red Hat OpenStack | 10 | Download |
Red Hat OpenStack | 11 | Download |
Red Hat OpenStack | 12 | Download |
Red Hat OpenShift | 3 | Download |
Red Hat OpenShift | 4.4 | Download |
Red Hat OpenShift | 4.14 | Download |
Red Hat OpenShift Container Storage | 4 | Download |
Red Hat CloudForms | 4.6 | Download |
Red Hat CloudForms | 4.7 | Download |
Red Hat CloudForms | 5.0 | Download |
Red Hat Gluster Storage | 3 | Download |
Red Hat Ceph Storage | 2 | Download |
Red Hat Ceph Storage | 4 | Download |
Red Hat Ceph Storage | 5 | Download |
JBoss Enterprise Application Platform | 6 | Download |
JBoss Enterprise Application Platform | 7.1 | Download |
JBoss Enterprise Application Platform | 7.2 | Download |
JBoss Enterprise Application Platform | 7.3 | Download |
JBoss Enterprise Application Platform | 7.4 | Download |
JBoss Enterprise Application Platform | 8 | Download |
Red Hat Fuse | 7 | Download |
Red Hat AMQ | 7 | Download |
Red Hat 3scale API Management | 2.7 | Download |
Red Hat Decision Manager | 7.7 | Download |
Red Hat Process Automation Manager | 7.7 | Download |
Red Hat Advanced Cluster Management for Kubernetes | 2.0 | Download |
Red Hat Advanced Cluster Management for Kubernetes | 2.1 | Download |
Red Hat Advanced Cluster Management for Kubernetes | 2.2 | Download |
Red Hat Advanced Cluster Management for Kubernetes | 2.6 | Download |
US ARMY CERTIFICATE OF NETWORTHINESS
Army Networthiness (NW) provides an operational assessment of all systems, applications, and devices to determine supportability, sustainability, interoperability, and compliance with federal, DOD, and Army regulations and mandates. Army Regulation AR 25-1, paragraph 6-3(c), states that all activities must obtain a Certificate of Networthiness (CON) before connecting hardware or software to the LandWarNet (LWN).
The Army NW determines whether an application or system is capable or worthy to go on the Army's enterprise network and helps the Army reach its goal of establishing a standard baseline by establishing and utilizing enterprise license agreements.
NW was developed to prevent unmanaged deployments of software and hardware. It also serves as a way of ensuring that applications and hardware that connect to LWN are interoperable and will not damage other systems on the network by introducing new threats.
Networthiness certification applies to all organizations fielding, using, or managing IT assets on the LandWarNet:
- All applications (including COTS)
- All Government Off-the-Shelf (GOTS) software
- All web services
- Collaboration tools and services
- Tactical systems
- New, legacy, and fielded systems
A list of software with approved CONs is identified on the Army's Networthiness Program. website.
FISMA
All federal agencies must comply with the Federal Information Security Management Act and Red Hat works to make that process as simple as possible. FISMA is not a product certification, rather an evaluation of the entire information system. Red Hat publishes configuration guidance for the NIST 800-53 controls that compromise FISMA Moderate. This is reflected in our USGCB baseline. Reviewing the USGCB content is a great place to start.
FedRAMP
FedRAMP is a variant of the FISMA process for cloud providers and is not a product certification. Just like FISMA, USGCB content is a great place to start for compliance questions. You may also be interested in talking with your Red Hat account manager about our Certified Cloud Provider Program. Red Hat components have been used in FedRAMP certified offerings, such as:
CSRA's ARC-P Cloud:
Offers FedRAMP High certified IaaS and PaaS, based off Red Hat OpenStack Platform and Red Hat OpenShift v3. Details and certification packages can be found on the GSA FedRAMP Marketplace.
BlackMesh's Secure Cloud:
Offers FedRAMP Moderate certified PaaS, based off Red Hat OpenShift v3. Details and certification packages can be found on their GSA FedRAMP Marketplace.
ICD 503:
Red Hat has collaborated with the National Security Agency to release RHEL configuration guidance against ICD 503 and CNSSI 1253. This collaboration occurs in the OpenSCAP/SCAP Security Guide project, with profiles shipping natively in RHEL via the "CS2" baseline
NISPOM CHAPTER 8
You can find guidance on meeting Chapter 8 requirements in the National Industrial Security Program Operating Manual.
HIPAA Overview
HIPAA refers to the US Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. HIPAA is a United States federal law designed to protect the privacy and security of protected health information (PHI). Covered entities and business associates may ask Red Hat to act as a business associate (as defined by HIPAA) and Red Hat is prepared to act as a business associate with respect to the Red Hat HIPAA-Qualified Online Services offerings listed below. The customer is responsible for its own overall compliance with HIPAA, and it is the customer’s responsibility to understand, assess and comply with its applicable requirements. Please contact your Red Hat sales account representative to enter into a Red Hat Business Associate Agreement, if applicable.
HIPAA Qualified Online Services |
---|
Red Hat OpenShift Dedicated, v. 4 (Only Customer Cloud Subscriptions*) |
Red Hat OpenShift Service on AWS (ROSA) v. 4 |
Red Hat OpenShift Service on AWS (ROSA) with Hosted Control Planes v. 4 |
Red Hat OpenShift Application Programming Interface (API) Manager (RHOAM), v. 1.0 (Only Customer Cloud Subscriptions*) |
Red Hat OpenShift Data Science (RHODS), v. 1 (Only Customer Cloud Subscriptions*) |
*These Red Hat HIPAA-Qualified Online Services are limited to “Customer Cloud Subscriptions” which means they are Red Hat Online Services where the customer separately purchases or procures the underlying hosting infrastructure services from a cloud provider.
Red Hat Security Declaration - DCMS Telecommunications Code of Practice
This document provides Red Hat security declaration in response to the DCMS Code of Practice Vendor Security Assessment request and an overview of Red Hat’s alignment with the published UK Telecommunications Security Act Code of Practice. This document details how Red Hat implements engineering and security best practices to establish that we support and conform to the exacting demands for quality, transparency, and partnership of both the Government and the Telecommunications Sector within the UK.
Red Hat Security Declaration - DCMS Telecommunications Code of Practice
Trade Agreements Act (TAA)
The Trade Agreements Act (TAA) of 1979 was enacted to foster fair and open international trade. Under TAA, the products and/or services offered on your GSA Schedule contract are required to be only U.S. made or TAA designated country end products.
All commercial products sold in the U.S. are considered a U.S. made end product, a designated country end product, a Caribbean Basin country end product, a Canadian end product or a Mexican end product as defined in the clause entitled “Trade Agreements Act” FAR 52.225-5.
If you have any questions, please contact Legal at NAPS-Legal@redhat.com.
Red Hat Product Compliance Offerings Checker
Use Red Hat Product Compliance Offerings Checker to find more information about compliance activities and government standards for Red Hat's products not listed on this page.
Comments