AppliedCrossDomain:RedHatFoundations

ShawnWellsOfficeoftheChief Technologist, RedHatPublic Sector

shawn@redhat.com ||443-534-0130

CSCF participates in community-powered upstream projects, such asSELinux, OpenSCAP and theSCAP Security Guide

CSCF collaborates with Red Hatto integrate upstream projects intoEnterprise Linux, fosteringopen community platforms.

We commercialize these platforms together with a rich ecosystem of servicesand certifications, such as ICD 503 and CNSSI 12-53 accreditations.

PARTICIPATE

INTEGRATE

STABILIZE

100,000+PROJECTS

● Type Separation: How users, processes, and data are isolated● Role Based Access Control (RBAC)● MLS Policy

SELinux

● Type Separation: How users, processes, and data are isolated● Role Based Access Control (RBAC)● MLS Policy

SELinux

Security Automation● Configuration Monitoring● Compliance Reports● Secure Provisioning● Remediation

● Type Separation: How users, processes, and data are isolated● Role Based Access Control (RBAC)● MLS Policy

SELinux Refresher

● Common Criteria & NIAP● Intelligence Community Directive 503 (ICD 503)● US Government Configuration Baseline (USGCB)

Certifications & Standards Security Automation● Configuration Monitoring● Compliance Reports● Secure Provisioning● Remediation

SELinux Refresher

Multi-LevelSecurity(MLS)Policy•Focusesonconfidentiality(i.e.separationofmultipleclassificationsofdata)

Multi-LevelSecurity(MLS)Policy•Focusesonconfidentiality(i.e.separationofmultipleclassificationsofdata)

•Abilitytomanage{processes,users}withvaryinglevelsofaccess.(i.e.“theneedtoknow”)

Multi-LevelSecurity(MLS)Policy•Focusesonconfidentiality(i.e.separationofmultipleclassificationsofdata)

•Abilitytomanage{processes,users}withvaryinglevelsofaccess.(i.e.“theneedtoknow”)

•Usescategory&sensitivitylevels

SensitivityLabels

CategoryLabels

Polyinstantiation#id –Zstaff_u:WebServer_Admin_r:WebServer_Admin_t:s0:c0#ls -l/datasecret-file-1secret-file2

#id –Zstaff_u:WebServer_Admin_r:WebServer_Admin_t:s1:c0#ls -l/datasecret-file-1secret-file2top-secret-file-1

Certifications&Standards

NSAC63(akaNIAP)&RedHat:Wherewe’vebeen…andnextstop

RHEL 3 CAPP / EAL3+

RHEL 4 CAPP / EAL3+

RHEL 5 LSPP / EAL4+

RHEL 6 OSPP / EAL4+

RHEL 7 OSPP v3.9 / EAL4+

FIPS 140-2 Certs

docs.redhat.com- Security Guide- Admin. Guide- Priv User Guide

Red Hat corporatedevelopment &responsibilities

We use Atsechttp://red.ht/1kWN8ZZ

CommonCriteria!=

CompliancePolicy

ICD503,STIG,FISMA==

CompliancePolicy

SCAPSecurityGuidehttp://open-scap.org,

http://github.com/OpenSCAP

ShawnWellsDirector,Innovation ProgramsOfficeoftheChief Technologist, RedHatPublic Sectorshawn@redhat.com ||443-534-0130