Now available: Red Hat Enterprise Linux Security Select Add-On

When you subscribe to Red Hat Enterprise Linux (RHEL), you get security fixes for Common Vulnerabilities and Exposures (CVE).  As defined in the RHEL Life Cycle Policy, we classify any issue rated with a Common Vulnerability Scoring System score of 7.0 or higher as Critical, Important or Moderate. Our enhanced support plans (RHEL Extended Life Cycle Support, Extended Update Support, and Enhanced Extended Update Support) include similar coverage. But compliance in finance, healthcare, telecommunications, the public sector and other highly regulated industries may demand fixes and patches outside our standard packages. That’s why we’re offering the Red Hat Enterprise Linux Security Select Add-On: To fill the gap for customers with RHEL Premium subscriptions, so you can get exactly what your organization requires, delivered and ready to deploy.

With the Security Select Add-On, we're committing to a 90-day turnaround time for fixes and patches. Should you need more nonstandard patches and fixes, you can purchase individual ones after you’ve used your initial 10-pack.

When you purchase the Security Select Add-On, you're required to have a Technical Account Manager (TAM). If you don't currently have a TAM, you must acquire a security TAM. Our TAMs are conduits to security teams that help facilitate fixes and patches, but they’re a lot more than that. With deep RHEL experience, robust security tooling expertise and industry-specific knowledge, your security TAM supplements your in-house teams in assessing and addressing your organization's specific needs.

A specialized offering for complex sectors

The Security Select Add-On started as an effort to help customers in highly regulated industries who face complex regulations and unique security demands. The Payment Card Industry Data Security Standard, for instance, encourages finance companies to address CVEs rated “medium” under the National Vulnerability Database’s scoring system.

Healthcare, telecommunications and government organizations face similarly stringent compliance standards. Under farther-reaching regulations like the European Union's Network and Information Security 2 Directive and the U.S. Securities and Exchange Commission's Cybersecurity Rule, covered companies across industries are increasingly accountable for the safety of their software supply chains. 

Noncompliance in all these industries has real consequences. Everything from the company's continued operation to the IT team's compensation could be affected. When an industry-specific regulation calls for extra fixes, the Security Select Add-On enables a resolution without any need for ad hoc negotiation or escalation.

The Security Select Add-On is also useful for RHEL customers who have to satisfy rigorous internal or external audit requirements. The fixes themselves help you document that you’ve resolved the broad set of vulnerabilities many audits mandate. Your security TAM adds value here, too. Part of their role is to advise you on security tools, features and configurations that can keep you in compliance with audit mandates and regulations.

Now more than ever, you need flexibility in your approach to security. The Security Select Add-On gives that to you.

Getting the Security Select Add-On

This new offering, announced at Red Hat Summit 2025, is available to premium RHEL subscribers who have also purchased Extended Life Cycle Support, Extended Update Support or Enhanced Extended Update Support add-ons. If it sounds like something that would help your organization, contact your Red Hat account manager.

To get more details on the Security Select Add-On, download our datasheet.