atsec information security is pleased to announce completion of a Common Criteria evaluation of IBM Processor Resource/System Manager (PR/SM) LPAR for IBM System z9 Business Class (z9 BC) and z9 Enterprise Class (z9 EC) at evaluation assurance level (EAL) 5. IBM’s new z9 Business Class (z9 BC) mainframe platform is designed for small to medium enterprise computing needs. The z9 Enterprise Class (z9 EC) was formerly termed IBM system z9 109. IBM PR/SM was certified by Germany’s Federal Office for Information Security (BSI). IBM sponsored the evaluation effort.
PR/SM is a cornerstone of IBM’s mainframe security. PR/SM’s logical partitioning facility enables the resources of a single physical zSeries machine to be divided and shared by distinct logical machines, each capable of running z/VM, z/OS or Linux. All of these operating systems have been evaluated under the Common Criteria by atsec at different evaluation assurance levels. The system administrator can configure the distinct logical machines to ensure complete isolation from one another; one logical machine cannot gain knowledge about any other logical machine’s available I/O resources or performed operations. This assurance enables PR/SM to meet stringent requirements for confidentiality of processed information including requirements mandated by the federal government and the banking industry.
The very successful partnership of atsec as evaluation lab, IBM as sponsor, and BSI as certification body has led to timely completion of four PR/SM certifications since May 2004, in part because the product knowledge gained by atsec and BSI during their initial scrutiny of the product could be carried forward to later evaluations. This experience has also led to the EAL5 evaluation methodology documents provided by BSI (AIS34), which form a sound basis for such high-assurance evaluations. The almost continuous process of re-evaluation of PR/SM has successfully ensured that customers are provided with timely assurance of the PR/SM security features.
EAL5 certification includes recognition by member countries of the Common Criteria Recognition Arrangement (CCRA) at the EAL4 level. The PR/SM for IBM z9 BC and z9 EC evaluation is the latest in a series of successful projects by atsec to certify complex systems at ambitious assurance levels. From early in its history as a Common Criteria evaluation lab, atsec has led the way in operating system evaluations under both the German BSI and U.S. CCEVS Schemes. atsec’s record of evaluations at this level since 2002 includes IBM AIX 5.2; six Linux versions on five different platform architectures; two IBM z/OS versions, as well as the zSeries-based z/VM and PR/SM virtual machine and logical partitioning products.