The first evaluation of z/OS, at V1R6, was performed in 2005 at EAL3, followed by a re-evaluation of V1R7 in 2006 at EAL4 with added security features. The current re-evaluation of IBM z/OS V1R8 at EAL4+ addressed significantly enhanced security functions and provides assurance of the product in a format that is typically installed and operated. The Security Target specifying the target of evaluation is publicly available at atsec’s Common Criteria evaluations page. Some noteable features of the evaluation include:
• z System servers with all optional crypto boards
- Additional authentication mechanisms: X.509 certificates, Kerberos tickets, IBM PassTickets, and authentication based on LDAP DNS in addition to the traditional password mechanism
• Secure communications: in addition to SSL/TLS and IPSec, OpenSSH and Kerberos are available
• Full IBM Tivoli Directory Server with LDBM and SDBM back ends; LDBM provides a “traditional” LDAP database with access control known from other evaluated ITDS products, while SDBM provides access to RACF user management via LDAP interfaces
• Augmentation to ALC_FLR.3, the highest achievable assurance component for maintenance
There are only a small number of evaluation facilities with the experience and confidence needed to take on a task of this magnitude. Among that small set of evaluation laboratories, atsec information security is the world’s leading evaluator of large, complex operating systems.
Jim Porell, IBM Distinguished Engineer and Chief Architect for System z Software, commented: “The Common Criteria Evaluation of z/OS 1.8 was a complex effort requiring cooperation between IBM and atsec. Our goal, at IBM, has been to deliver an operating system that can provide valuable server functionality and security capabilities to meet our customers' business needs. The Common Criteria provides a good definition of the development processes and protection profiles that can be deployed to satisfy those business needs. We are pleased with the results of this evaluation and our working relationship with atsec.”
Marvin Schaefer, Former Chief Scientist at the National Computer Security Center at the NSA, adds: "IBM's z/OS Version 1 Release 8 operating system evolved from what was, in the late 1970s, the powerful, but complex, MVS operating system. At that time, its access control mechanisms were quite weak and easily defeated. Even with the integration of RACF, the system was not only subject to compromise, but because of the complexity of its structure and implementation, it was extremely difficult and time-consuming to evaluate its security policy and mechanisms against the criteria of the US Department of Defense Trusted Computer System Evaluation Criteria (the Orange Book). Its initial evaluation by the National Computer Security Center (NCSC) took years, and was only partially successful. As a consequence, IBM made a considerable investment in restructuring MVS/RACF and integrating it with supportive hardware security mechanisms -- and more importantly, with a security policy-driven discipline of design, documentation and programming. The resulting system, z/OS, is considerably richer and more complex than its antecedent MVS. Because system security became a central design principle, and because the development effort was closely coordinated with the independent team of evaluators, the formidable task of identifying and analyzing z/OS's large set of interfaces and its management of privilege became tractable. Through close and co-operative work with its evaluators, z/OS's interfaces and management of privilege have been documented such as to permit a full and rigorous assessment to be completed in a little more than a year. Further, over the last quarter century I have collaborated with senior IBM and atsec staff and know that this evaluation was anything but superficial, thanks to the atsec evaluation team's mature knowledge of security principles as well as their corpus of techniques for identifying and exploiting security vulnerabilities. I have full confidence that z/OS and its completed evaluation represent an exceptional technological achievement."
Operating system evaluation is the greatest test of competence in the field, and from early on in its history as a Common Criteria evaluation laboratory, atsec has led the way in operating system evaluations under both the German BSI and U.S. CCEVS Schemes. atsec’s record of evaluation at this level includes evaluations of IBM AIX 5.3 (CAPP and LSPP); twelve Linux versions on five different platforms; IBM z/OS V1R7 at the EAL4+ level, as well as the zSeries-based z/VM and PR/SM virtual machine and logical partitioning products. atsec has already completed two EAL5 evaluations of IBM PR/SM products.
atsec has completed a total of more than 40 evaluations since its initial accreditation as a Common Criteria lab by the German BSI Scheme in 2002. Accreditation by the U.S. CCEVS Scheme followed in 2005, and in 2006 atsec received provisional CC lab status under the Swedish CSEC scheme. Today, the company’s security experts work with confidence under all three schemes to offer quality results and maximum flexibility.
atsec’s leadership in the Common Criteria industry is also demonstrated by its commitment to helping shape the standard itself. This level of involvement not only includes helping to test new versions of the standard and contribute to Scheme publications, but also includes pushing the boundaries of the standard by applying it to large, complex systems. In partnership with BSI, atsec performed a prototype evaluation of Linux for the main aspects of the assurance level EAL4 as a test of what was the draft version of the Common Criteria v.3 standard. atsec is also performing the first EAL4 evaluation under the Swedish CSEC scheme.
The extensive experience and many successes of atsec’s evaluation staff have built the company’s industry-leading ability to delivery complex evaluations in enviably short time frames. This is important because in the world of Common Criteria evaluations, time is very definitely money. Sponsors begin to earn back their investment when the certification is finished – so there is tremendous value in working with a partner who can complete the process efficiently.
Gerald Krummeck, Common Criteria Lab Director for atsec information security GmbH, added: “We are very proud about this success: this is the most complex evaluation ever attempted under Common Criteria. IBM's and atsec's strategy to start the evaluation effort at EAL3, then move to EAL4 while constantly adding valuable security functionality made it possible to deliver a certificate for a complete, real-world system with a level of assurance that customers require for their business-critical operations.”
Beyond its enviable record of successful and timely completion of complex evaluations, atsec has also built its reputation on the quality of its evaluation deliverables. atsec’s modus operandi uses the Common Criteria methodology to the advantage of the customer. Interim and final evaluation reports reveal thoughtful analysis of the content of document evidence presented which provides real value to sponsors in the form of product and process improvements (not just a cursory look at the titles of documentation evidence or simply filling out a checklist of requirements to achieve certification). Looking at the real-world assurance evidence produced by developers as part of their regular development process has always been a feature of atsec’s evaluation process.
About atsec information security
atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience.