atsec信息安全完成IBM PR/SM z10 EC/BC的CC EAL 5评估

2009-05-07

AUSTIN, Texas - atsec information security is pleased to announce completion of the Common Criteria evaluation of IBM Processor Resource/System Manager (PR/SM) LPAR for IBM System z10 Business Class (z10 BC) and z10 Enterprise Class (z10 EC) at evaluation assurance level (EAL) 5. IBM PR/SM was certified by Germany's Federal Office for Information Security (BSI). IBM sponsored the evaluation effort.

PR/SM is a cornerstone of IBM's mainframe security. PR/SM's logical partitioning facility enables the resources of a single physical zSeries machine to be divided and shared by distinct logical machines, each capable of running z/VM, z/OS or Linux. All of these operating systems have been evaluated under the Common Criteria by atsec at different evaluation assurance levels. The system administrator can configure the distinct logical machines to ensure complete isolation from one another; in such configuration, logical machines cannot gain knowledge about any other logical machine's available I/O resources or performed operations. This assurance enables PR/SM to meet stringent requirements for confidentiality of processed information including requirements mandated by the U.S. federal government and the banking industry. The evaluated version of PR/SM also allows for setting up cooperating logical partitions (i.e., Parallel Sysplex) that can freely exchange information, while co-existing with other partitions that require complete isolation.

Michael Robrecht, Lead Evaluator for atsec, remembers: "It has been more than a decade since the initial evaluation of IBM PR/SM against ITSEC at level E4. At that time, no one could have anticipated that the product would be evaluated nine more times, addressing changes in evaluation criteria and covering the evolving hardware underlying the product. In addition, with each evaluation, additional features have been added and assessed for their security impact. I am personally very happy to have participated in the ten successful PR/SM evaluations to date, and I look forward to the challenge of evaluating PR/SM against the requirements of Common Criteria 3.1 in the future."

The very successful partnership of atsec as evaluation lab, IBM as sponsor, and BSI as certification body in recent PR/SM certifications led to development of the EAL5 evaluation methodology provided by BSI (AIS34), which forms a sound basis for such high-assurance evaluations. The product knowledge gained by atsec and BSI during their initial scrutiny of the product was carried forward to later evaluations. The almost continuous process of re-evaluation of PR/SM ensures that customers are provided with timely assurance of the PR/SM security features.

EAL5 certification includes recognition by member countries of the Common Criteria Recognition Arrangement (CCRA) at the EAL4 level.

The PR/SM for IBM z10 EC and z10 BC evaluation is the latest in a series of successful projects by atsec to certify complex systems at ambitious assurance levels. From early in its history as a Common Criteria evaluation lab, atsec has led the way in operating system evaluations under both the German BSI and U.S. CCEVS Schemes. In addition to the PR/SM evaluations, atsec's record of evaluations since 2002 includes IBM AIX 5.2, 5.3, and 6; a total of 12 Linux versions on various platform architectures; four IBM z/OS versions, as well as the zSeries-based z/VM 5.1 and 5.3.

The IBM PR/SM LPAR for z10 EC and z10 BC certificate can be found here:
http://www.atsec.com/downloads/pdf/certificates/BSI-DSZ-CC-0557-2009.pdf

About atsec information security
atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in January 2000 and has extensive international operations with offices in the U.S., Sweden, the U.K., and China. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf.