The First International Cryptographic Module Conference
24.-26. September, Gaithersburg, MD, USA
atsec information security evaluates PR/SM on IBM Systems z196 GA2, z114 GA1, Driver Level D93G at Common Criteria Certification EAL 5+2012-05-16
AUSTIN, Texas – atsec information security is pleased to announce completion of the Common Criteria evaluation of IBM Processor Resource/System Manager (PR/SM) on IBM Systems z196 GA2 and z114 GA1 with Driver Level D93G at evaluation assurance level (EAL) 5+. IBM PR/SM was certified by Germany's Federal Office for Information Security (BSI).
Michael Robrecht, Lead Evaluator for atsec, said: "Acting as the underlying, reliable platform for several IBM products already evaluated at level EAL4+, the evaluation of IBM PR/SM consequently followed its long-term path of being evaluated at a higher assurance level. In addition to a methodical search for potential exploits considering an attacker with a higher attack potential compared to EAL4, evaluation against EAL5 requires the developer to provide the evaluator with a considerably deeper insight into design details and to provide evidence that significantly more testing of security functionality has been performed. This supports the confidence in both the correctness and the effectiveness of IBM PR/SM security features.”
PR/SM continues to be one of the cornerstones of IBM's mainframe security. PR/SM's logical partitioning facility enables the resources of a single physical IBM mainframe machine to be divided and shared by distinct logical machines, each capable of running z/VM, z/OS, or Linux. atsec has evaluated all of these operating systems under the Common Criteria at different evaluation assurance levels. The system administrator can configure the distinct logical machines to ensure complete isolation from one another. In such configuration, a logical machine cannot gain knowledge about any other logical machine's available I/O resources or performed operations. This assurance enables PR/SM to meet stringent requirements for confidentiality of processed information. The evaluated version of PR/SM also allows for setting up cooperating logical partitions that can freely exchange information, while co-existing with other partitions that require complete isolation.
The very successful partnership with atsec as the evaluation lab, IBM as the sponsor, and BSI as the certification body in past PR/SM certifications led to the development of the EAL5* evaluation methodology provided by BSI (AIS34), which still forms the basis for other high-assurance evaluations. The product knowledge gained by atsec and BSI during their initial scrutiny of the product was carried forward to later PR/SM evaluations for more than a decade. The almost continuous re-evaluation of newer PR/SM versions ensures that customers are provided with timely assurance of the PR/SM security features.
*Note: EAL5 certification includes recognition by member countries of the Common Criteria Recognition Arrangement (CCRA) at the EAL4 level.
The PR/SM on IBM Systems z196 GA2, z114 GA1, Driver Level D93G evaluation is the latest in a series of successful projects by atsec to certify complex systems at ambitious assurance levels. From early in its history as a Common Criteria evaluation lab, atsec has led the way in operating system evaluations under both the German BSI and U.S. CCEVS schemes.
The BSI certificate can be found here:
About atsec information security
atsec information security is an independent, standards-based information technology security services company with offices in the U.S., Germany, Sweden, and China. atsec's services include formal laboratory testing and evaluation of information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology, as well as information security consultancy.
atsec offers evaluation and testing services leading to formal certification of information security technology, including evaluations under Common Criteria schemes in the U.S., Germany, and Sweden. In addition, the atsec U.S. organization operates a Cryptographic and Security Testing Laboratory accredited under the Cryptographic Module Validation and the Cryptographic Algorithm Validation Programs of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada for validating cryptographic modules under the FIPS 140-2 standard.
atsec works with any company, regardless of size or locale, that is serious about IT security.