PRTODAY / NewswireToday Free press release distribution service network

Written by / Agency / Source: Atsec Information Security

Check Ads Availability|e-mail Article

Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!

atsec Information Security Evaluates IBM z/OS V1R8 - Common Criteria Certification at EAL4+ - atsec information security recently completed the evaluation of IBM’s z/OS V1R8 in the world's largest and most complex operating system evaluation
atsec Information Security Evaluates IBM z/OS V1R8 - Common Criteria Certification at EAL4+


NewswireToday - /newswire/ - Austin, TX, United States, 2007/05/23 - atsec information security recently completed the evaluation of IBM’s z/OS V1R8 in the world's largest and most complex operating system evaluation.

Your Banner Ad Here instead - Showing along with ALL Articles covering IT Security/Anti-Spam Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


The first evaluation of z/OS, at V1R6, was performed in 2005 at EAL3, followed by a re-evaluation of V1R7 in 2006 at EAL4 with added security features. The current re-evaluation of IBM z/OS V1R8 at EAL4+ addressed significantly enhanced security functions and provides assurance of the product in a format that is typically installed and operated. The Security Target specifying the target of evaluation is publicly available at atsec’s Common Criteria evaluations page. Some noteable features of the evaluation include:

• z System servers with all optional crypto boards

- Additional authentication mechanisms: X.509 certificates, Kerberos tickets, IBM PassTickets, and authentication based on LDAP DNS in addition to the traditional password mechanism

• Secure communications: in addition to SSL/TLS and IPSec, OpenSSH and Kerberos are available

• Full IBM Tivoli Directory Server with LDBM and SDBM back ends; LDBM provides a “traditional” LDAP database with access control known from other evaluated ITDS products, while SDBM provides access to RACF user management via LDAP interfaces

• Augmentation to ALC_FLR.3, the highest achievable assurance component for maintenance

There are only a small number of evaluation facilities with the experience and confidence needed to take on a task of this magnitude. Among that small set of evaluation laboratories, atsec information security is the world’s leading evaluator of large, complex operating systems.

Jim Porell, IBM Distinguished Engineer and Chief Architect for System z Software, commented: “The Common Criteria Evaluation of z/OS 1.8 was a complex effort requiring cooperation between IBM and atsec. Our goal, at IBM, has been to deliver an operating system that can provide valuable server functionality and security capabilities to meet our customers' business needs. The Common Criteria provides a good definition of the development processes and protection profiles that can be deployed to satisfy those business needs. We are pleased with the results of this evaluation and our working relationship with atsec.”

Marvin Schaefer, Former Chief Scientist at the National Computer Security Center at the NSA, adds: "IBM's z/OS Version 1 Release 8 operating system evolved from what was, in the late 1970s, the powerful, but complex, MVS operating system. At that time, its access control mechanisms were quite weak and easily defeated. Even with the integration of RACF, the system was not only subject to compromise, but because of the complexity of its structure and implementation, it was extremely difficult and time-consuming to evaluate its security policy and mechanisms against the criteria of the US Department of Defense Trusted Computer System Evaluation Criteria (the Orange Book). Its initial evaluation by the National Computer Security Center (NCSC) took years, and was only partially successful. As a consequence, IBM made a considerable investment in restructuring MVS/RACF and integrating it with supportive hardware security mechanisms -- and more importantly, with a security policy-driven discipline of design, documentation and programming. The resulting system, z/OS, is considerably richer and more complex than its antecedent MVS. Because system security became a central design principle, and because the development effort was closely coordinated with the independent team of evaluators, the formidable task of identifying and analyzing z/OS's large set of interfaces and its management of privilege became tractable. Through close and co-operative work with its evaluators, z/OS's interfaces and management of privilege have been documented such as to permit a full and rigorous assessment to be completed in a little more than a year. Further, over the last quarter century I have collaborated with senior IBM and atsec staff and know that this evaluation was anything but superficial, thanks to the atsec evaluation team's mature knowledge of security principles as well as their corpus of techniques for identifying and exploiting security vulnerabilities. I have full confidence that z/OS and its completed evaluation represent an exceptional technological achievement."

Operating system evaluation is the greatest test of competence in the field, and from early on in its history as a Common Criteria evaluation laboratory, atsec has led the way in operating system evaluations under both the German BSI and U.S. CCEVS Schemes. atsec’s record of evaluation at this level includes evaluations of IBM AIX 5.3 (CAPP and LSPP); twelve Linux versions on five different platforms; IBM z/OS V1R7 at the EAL4+ level, as well as the zSeries-based z/VM and PR/SM virtual machine and logical partitioning products. atsec has already completed two EAL5 evaluations of IBM PR/SM products.

atsec has completed a total of more than 40 evaluations since its initial accreditation as a Common Criteria lab by the German BSI Scheme in 2002. Accreditation by the U.S. CCEVS Scheme followed in 2005, and in 2006 atsec received provisional CC lab status under the Swedish CSEC scheme. Today, the company’s security experts work with confidence under all three schemes to offer quality results and maximum flexibility.

atsec’s leadership in the Common Criteria industry is also demonstrated by its commitment to helping shape the standard itself. This level of involvement not only includes helping to test new versions of the standard and contribute to Scheme publications, but also includes pushing the boundaries of the standard by applying it to large, complex systems. In partnership with BSI, atsec performed a prototype evaluation of Linux for the main aspects of the assurance level EAL4 as a test of what was the draft version of the Common Criteria v.3 standard. atsec is also performing the first EAL4 evaluation under the Swedish CSEC scheme.

The extensive experience and many successes of atsec’s evaluation staff have built the company’s industry-leading ability to delivery complex evaluations in enviably short time frames. This is important because in the world of Common Criteria evaluations, time is very definitely money. Sponsors begin to earn back their investment when the certification is finished – so there is tremendous value in working with a partner who can complete the process efficiently.

Gerald Krummeck, Common Criteria Lab Director for atsec information security GmbH, added: “We are very proud about this success: this is the most complex evaluation ever attempted under Common Criteria. IBM's and atsec's strategy to start the evaluation effort at EAL3, then move to EAL4 while constantly adding valuable security functionality made it possible to deliver a certificate for a complete, real-world system with a level of assurance that customers require for their business-critical operations.”

Beyond its enviable record of successful and timely completion of complex evaluations, atsec has also built its reputation on the quality of its evaluation deliverables. atsec’s modus operandi uses the Common Criteria methodology to the advantage of the customer. Interim and final evaluation reports reveal thoughtful analysis of the content of document evidence presented which provides real value to sponsors in the form of product and process improvements (not just a cursory look at the titles of documentation evidence or simply filling out a checklist of requirements to achieve certification). Looking at the real-world assurance evidence produced by developers as part of their regular development process has always been a feature of atsec’s evaluation process.

About atsec information security

atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience.

Your Banner Ad Here instead - Showing along with ALL Articles covering IT Security/Anti-Spam Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


Written by / Agency / Source: Atsec Information Security


Availability: All Regions (Including Int'l)


Traffic Booster: [/] Quick Newswire Today Visibility Checker


Distribution / Indexing: [+]

# # #
IT Security Anti-Spam Computer Security - Purchase keywords tags antivirus software firewall spyware removal virus scan computer security IT Security Anti-Spam malware / Banner Ads!.

  Your Banner Ad showing on ALL
IT Security/Anti-Spam articles,
CATCH Visitors via Your Competitors Announcements!

atsec Information Security Evaluates IBM z/OS V1R8 - Common Criteria Certification at EAL4+

Company website links NOT available to basic submissions
It is OK to republish and/or LINK any newswire for any legitimate media purpose as long as you name Newswire Today and LINK as the source.
  Is this your article?
Activate ALL web links and social stream by Upgrading to Press Release PREMIUM Plan Now!

Publisher Contact: Andreas Fabis - 
512-615-7317 fabis[.]
Newswire Today - PRZOOM / PRTODAY disclaims any content contained in this article. If you need/wish to contact the company who published the current release, you will need to contact them - NOT us. Issuers of articles are solely responsible for the accuracy of their content. Our complete disclaimer appears here.
IMPORTANT INFORMATION: Issuance, publication or distribution of this press release in certain jurisdictions could be subject to restrictions. The recipient of this press release is responsible for using this press release and the information herein in accordance with the applicable rules and regulations in the particular jurisdiction. This press release does not constitute an offer or an offering to acquire or subscribe for any Atsec Information Security securities in any jurisdiction including any other companies listed or named in this release.

IT Security/Anti-Spam via RSSAdd NewswireToday - PRZOOM Headline News to FeedBurner
Find who RetweetFollow @NewswireTODAY

Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!

Read Latest Articles From Atsec Information Security / Company Profile

Read IT Security/Anti-Spam Most Recent Related Newswires:

Flexera Software Acquires Software Composition Analysis Provider, Palamida
Singtel and TIS, Inc. Form Partnership to Provide Trustwave’s Cyber Security Services in Japan
Kerio Connect 9.2 Helps Small and Mid-sized Businesses Stay Better Connected
Rambus Licenses its DPA Countermeasures to NVIDIA
Bitdefender Partners with Europol’s 2016 CyberSecMonth Dedicated to Mobile Threats
High-Tech Bridge Recognized As A Key Innovator
Dell Unveils New Endpoint Data Security and Management Portfolio for Greater IT Interoperability
Trustwave Unveils Industry’s First Cloud-based Secure Web Gateway with Zero Malware Guarantee
Check Point Wins Third-Straight ‘Recommended’ Rating in 2016 from NSS Labs
Sonus Brings Proven Security to NuWave’s Hosted Cloud Communication and Collaboration Offering
MobileIron Bridge Unifies Mobile and Desktop Operations
Dell Partners with Leading System Integrators, Providing Customers More Choices for IoT Deployments
Cisco and Thales Innovate Together for Trusted Cybersecurity Solution
ForeScout Receives JPMorgan Chase Hall of Innovation Award for its Transformative Security Technology
Splunk IT Service Intelligence and Splunk Cloud Drive Big Data Analytics at Cox Automotive

Boost Your Social Network
& Crowdfunding Campaigns

NewswireToday Celebrates 10 Years in Business


Visit  Demyk Lightmod Products, Inc.


  ©2016 Newswire Today — Limelon Advertising, Co.
Home | About | Advertise/Pricing | Contact | Investors | Privacy/TOS | Sitemap | FRANCAIS
newswire, PR free press releases distribution service magazines engine news alert newsroom press room breaking news public relations articles company news alerts newswiredistribution ezine bizentrepreneur biznewstoday digital business report market search pr firms agencies reports distri-bution today investor relation successful internet entrepreneurs newswire distribution freenewswiredistribution asianewstoday bizwiretoday USA pr UK today - NOT affiliated with PRNewswire as we declined their partnership offer in 2013
PRTODAY & NewswireTODAY are NOT affiliated with USA TODAY (