atsec information security recently completed the Common Criteria evaluation of IBM z/OS V1R9. The certificate was awarded by Germany’s Federal Office for Information Security to IBM at the CeBIT trade fair.
Left to right: Roland Trauner (IBM), Bernd Kowalski (BSI), Martina Koederitz (IBM) and Gerald Krummeck (atsec).
atsec performed the first z/OS evaluation, examining z/OS V1R6, in 2005 at evaluation assurance level 3 (EAL3), followed by re-evaluations of V1R7 in 2006 at EAL4 and V1R8 in 2007 with added security features. For z/OS V1R9, IBM followed its yearly cycle of evaluations for the current z/OS release, adding new security functions like increased support for certificate-based authentication, including support of PKCS#11 tokens and centralized certificate management; support for distribution of policies through policy agents; support for remote authorization and auditing via LDAP; AES encryption support in Kerberos; and support for audit log streams.
Operating system evaluation is the greatest test of competence in the field. From early in its history as an evaluation laboratory, atsec has led the way in operating system evaluations under both the German BSI and U.S. CCEVS Schemes. Among the small set of evaluation laboratories with the experience and confidence to take on such projects, atsec information security has proven its competence as the world’s leading evaluator of large, complex operating systems.