Tresys Technology Announces Certifiable Linux Integration Platform (CLIP) for Red Hat Enterprise Linux (RHEL) 6.2

Share Article

CLIP for RHEL 6.2 release supports high-assurance security environment development efforts

CLIP has been used to support the successful PL4 and PL5 certification of a large number of Cross Domain Solutions and has gained a positive reputation within the certification community, which allows CLIP systems to more rapidly achieve certification.

Tresys Technology, a provider of technology and engineering services for customers with high-security requirements, today announced that the company has updated CLIP to support RHEL 6.2. The new release will be used by developers leveraging Linux to build appliances or systems with confidentiality, integrity, availability, and accountability requirements for U.S Intelligence and Department of Defense (DoD) agencies as well as for critical infrastructure and other communities that manage sensitive or classified information. The enhancements to the platform enrich integration features available in previous releases and include adding DCID (Director of Central Intelligence Directive) 6/3 Protection Level 4 (PL4) high-availability and high-integrity requirements support, a custom SELinux policy, and a new build system for generating installable media.

CLIP is of major significance to developers in these communities as it provides a pre-configured, locked-down platform with fundamental security already embedded to use as the basis of their secure development efforts, reducing errors and saving both extensive development time and money. Developers realize additional benefits through access provided to CLIPs body of evidence documentation that is required for certification and accreditation (C&A). By working with Tresys as their experienced partner in RHEL, CLIP, and the C&A process and community to customize specific solutions, developers can further expedite the C&A process and avoid unnecessary costs and delays.

The latest version of CLIP includes the SecState tool for managing and interpreting SCAP (Security Content Automation Protocol) content, applying remediation content, and generating reports. CLIP includes remediation content, SCAP content, a custom, lean SELinux policy developed for use in cross domain solutions, a customized RHEL 6 kickstart, and a new build system for generating individual software packages and complete installation media. These features are key to reducing the burden associated with developing and certifying requirement-compliant solutions.

“Tresys has been the principal developer of CLIP, with support from the open source community, and has hosted and maintained the project for many years,” said Tresys CEO Gary Latham. “CLIP has been used to support the successful PL4 and PL5 certification of a large number of Cross Domain Solutions (CDS) and has gained a positive reputation within the certification community, which allows CLIP systems to more rapidly achieve certification. We are pleased that we can continue to make a constructive impact, not only with Intel and DoD agencies, but in other arenas that require high-security assurance through our open source contributions.”

The platform has been released in a beta version with the final release planned for availability in November. Developers can access the final release on the Tresys open source site at


In 2006, a Government agency tasked Tresys with creating a platform installation upon which higher-level design and development for CDS could be based. Each CDS vendor would then be able to leverage the baseline platform to reduce costs and quickly develop a product with less risk for C&A complications or failure. In response, Tresys created CLIP which provides toolkits for generating a solid foundation upon which developers can build secure Linux-based solutions, reducing design errors and time for development as well as the amount of work needed to generate full Linux systems and providing part of the documentation required for C&A. A critical feature of CLIP is the Reference Policy, which Tresys also created, maintains, and provides as the basis for developing secure SELinux system policies. Several CLIP instances are mapped to various national directives including DCID 6/3, CNSSI 1253, and DoD 8500.2. This version of CLIP is the company’s first release for RHEL 6.

About Tresys Technology

Based in Columbia, Maryland, privately-held Tresys Technology solves the most complex information security problems for a wide array of defense, intelligence, and commercial customers. Tresys provides innovative product and services solutions for hard problems in Cross Domain, Deep Content Inspection, secure operating systems—including SELinux—mobile devices and OSs, and software assurance. Our knowledge of the secure design, certification, and accreditation of complicated custom hardware and software solutions, combined with insight into the sophisticated requirements of our customers, allows us to deliver innovative solutions to modern security challenges. The experience gained from solving real-world problems has enabled Tresys to develop industry-leading and authoritative services. For more information, visit:


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Traci Robinson-Williams
Visit website