atsec information security completed the Common Criteria evaluation of IBM Processor Resource/System Manager (PR/SM) LPAR for IBM System z10 Business Class (z10 BC) and z10 Enterprise Class (z10 EC) at evaluation assurance level (EAL) 5. IBM PR/SM was certified by Germany’s Federal Office for Information Security (BSI).
PR/SM is a cornerstone of IBM’s mainframe security. PR/SM’s logical partitioning facility enables the resources of a single physical zSeries machine to be divided and shared by distinct logical machines, each capable of running z/VM, z/OS or Linux. All of these operating systems have been evaluated under the Common Criteria by atsec at different evaluation assurance levels.
The system administrator can configure the distinct logical machines to ensure complete isolation from one another; in such configuration, logical machines cannot gain knowledge about any other logical machine’s available I/O resources or performed operations. This assurance enables PR/SM to meet stringent requirements for confidentiality of processed information including requirements mandated by the U.S. federal government and the banking industry.
The evaluated version of PR/SM also allows for setting up cooperating logical partitions (i.e., Parallel Sysplex) that can freely exchange information, while co-existing with other partitions that require complete isolation.
The PR/SM for IBM z10 EC and z10 BC evaluation is the latest in a series of successful projects by atsec to certify complex systems at ambitious assurance levels. From early in its history as a Common Criteria evaluation lab, atsec has led the way in operating system evaluations under both the German BSI and U.S. CCEVS Schemes. In addition to the
PR/SM evaluations, atsec’s record of evaluations since 2002 includes IBM AIX 5.2, 5.3, and 6; a total of 12 Linux versions on various platform architectures; four IBM z/OS versions, as well as the zSeries-based z/VM 5.1 and 5.3.
The IBM PR/SM LPAR for z10 EC and z10 BC certificate can be found here.