Successful Completion of the 2025 Consolidated Commercial Security Audit

The Product Security Compliance team is thrilled to announce that Red Hat has successfully completed a consolidated commercial audit and achieved re-certifications, attestations, and new certifications across multiple industry-leading frameworks.

First-time certifications were achieved for Red Hat OpenShift AI (RHOAI), along with new certifications for CSA STAR and FFIEC for OpenShift Dedicated (OSD), Red Hat OpenShift Service on AWS (ROSA), and Hosted Control Plane (HCP). This milestone reflects the result of rigorous assessments and close collaboration across multiple teams. These certifications underscore Red Hat's ongoing commitment to protecting customer data, in alignment with the highest industry standards, and reinforces our commitment to leading industry frameworks for AI governance and compliance standards.

We have attained the following certifications, attestations, and re-certifications:

  • SOC 1 Type 2
  • SOC 2 Type 2
  • SOC 3
  • PCI-DSS v4.0.1
  • HIPAA
  • ISO 27001, 27017, 27018
  • NEW: ISO 42001
  • NEW: CSA STAR Level 2
  • NEW: FFIEC

For the following managed services:

  • OpenShift Dedicated running on AWS
  • OpenShift Dedicated running on GCP
  • Red Hat OpenShift Service on AWS (ROSA) / Hosted Control - Plane (HCP)
  • Red Hat OpenShift API Management (RHOAM)
  • Red Hat OpenShift AI (RHOAI)
  • Ansible Automation Platform Services on AWS (AAPS-AWS)

In addition, we achieved SOC 2 Type 2 attestation for Customer Portal, UGC and SSO applications.

These certifications demonstrate our unwavering commitment to safeguarding customer data with the highest industry standards, underscoring our dedication to security and privacy.

We’re proud to share that all frameworks were passed with zero findings, a testament to the strength and maturity of our compliance posture. The journey to achieving these certifications involved exhaustive assessments and close collaboration across numerous teams, including Engineering, Legal, Global Privacy, Information Security, Facilities, Human Resources, Infrastructure, Database, and Red Hat IT teams.

For real-time updates on security certifications, please refer to the Product Security Compliance portal.