Munich, Germany - atsec information security has completed a Common Criteria evaluation of IBM z/VM V5 R1 with RSU 1 at assurance level EAL3+. Completion of the IBM z/VM certification project cements atsec’s reputation for competence in successfully evaluating complex products; the project is atsec’s fifth evaluation of a large, complex operating system in just over two years, building on earlier successful evaluations of AIX, Linux, z/OS, and LPAR.
IBM z/VM is a highly secure, high-performance enterprise operating system for IBM zSeries mainframe computers, empowering the use of advanced features such as running separated virtual machines on top of the new 64-bit z/Architecture. Multiple zSeries computers running the evaluated version of IBM z/VM can be connected to form a networked system. The communication aspects within IBM z/VM used for such connections were also part of the evaluation.
IBM z/VM implements sharing available system resources ― such as processors, memory, and I/O devices ― among the set of 'virtual machines' it manages. As a result, IBM z/VM is able to run multiple Linux and IBM z/OS images on the same system. A company to run application development, testing, and production environments on a single physical computer. The virtual machines running separately on the same computer can communicate with each other, if necessary, requiring only minor configuration changes in the z/VM System Directory.
IBM z/VM V5 R1 with RSU 1 is certified as compliant with the Controlled Access Protection Profile (CAPP) and the Labeled Security Protection Profile (LSPP), which require managing access by subjects (using ACLs) to controlled objects (using Security Labels). For IBM z/VM, access is managed through the Resource Access Control Facility (RACF).
Common Criteria Lab Manager Gerald Krummeck notes that: “atsec is on the leading edge in evaluating and testing complex operating system technologies in CAPP and LSPP configurations. In addition to the completed z/VM CAPP and LSPP evaluation, the company currently is working on both AIX LSPP and Linux LSPP evaluations.”
In addition to conducting evaluations of complex operating systems with CAPP and LSPP, atsec continues to build its reputation as an innovator in the Common Criteria industry; currently, atsec is performing a prototype evaluation of Linux at assurance level EAL 4 as a test of the draft Common Criteria v.3 standard. The groundbreaking effort is being undertaken by atsec at the invitation of BSI, the German Common Criteria Scheme.
About atsec information security
atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec launched its U.S. business in May 2003, building on extensive success in Europe dating back to 2000. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, BMW, SGI, Swisscom, RWE and Vodafone.
