Free press releases distribution network?

Agency / Source: Atsec Information Security

Check Ads Availability|e-mail Article

Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!

atsec Information Security Evaluates IBM z/OS V1R8 - Common Criteria Certification at EAL4+ - atsec information security recently completed the evaluation of IBM’s z/OS V1R8 in the world's largest and most complex operating system evaluation
atsec Information Security Evaluates IBM z/OS V1R8 - Common Criteria Certification at EAL4+


PRZOOM - /newswire/ - Austin, TX, United States, 2007/05/23 - atsec information security recently completed the evaluation of IBM’s z/OS V1R8 in the world's largest and most complex operating system evaluation.

Your Banner Ad Here instead - Showing along with ALL Articles covering IT Security/Anti-Spam Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


The first evaluation of z/OS, at V1R6, was performed in 2005 at EAL3, followed by a re-evaluation of V1R7 in 2006 at EAL4 with added security features. The current re-evaluation of IBM z/OS V1R8 at EAL4+ addressed significantly enhanced security functions and provides assurance of the product in a format that is typically installed and operated. The Security Target specifying the target of evaluation is publicly available at atsec’s Common Criteria evaluations page. Some noteable features of the evaluation include:

• z System servers with all optional crypto boards

- Additional authentication mechanisms: X.509 certificates, Kerberos tickets, IBM PassTickets, and authentication based on LDAP DNS in addition to the traditional password mechanism

• Secure communications: in addition to SSL/TLS and IPSec, OpenSSH and Kerberos are available

• Full IBM Tivoli Directory Server with LDBM and SDBM back ends; LDBM provides a “traditional” LDAP database with access control known from other evaluated ITDS products, while SDBM provides access to RACF user management via LDAP interfaces

• Augmentation to ALC_FLR.3, the highest achievable assurance component for maintenance

There are only a small number of evaluation facilities with the experience and confidence needed to take on a task of this magnitude. Among that small set of evaluation laboratories, atsec information security is the world’s leading evaluator of large, complex operating systems.

Jim Porell, IBM Distinguished Engineer and Chief Architect for System z Software, commented: “The Common Criteria Evaluation of z/OS 1.8 was a complex effort requiring cooperation between IBM and atsec. Our goal, at IBM, has been to deliver an operating system that can provide valuable server functionality and security capabilities to meet our customers' business needs. The Common Criteria provides a good definition of the development processes and protection profiles that can be deployed to satisfy those business needs. We are pleased with the results of this evaluation and our working relationship with atsec.”

Marvin Schaefer, Former Chief Scientist at the National Computer Security Center at the NSA, adds: "IBM's z/OS Version 1 Release 8 operating system evolved from what was, in the late 1970s, the powerful, but complex, MVS operating system. At that time, its access control mechanisms were quite weak and easily defeated. Even with the integration of RACF, the system was not only subject to compromise, but because of the complexity of its structure and implementation, it was extremely difficult and time-consuming to evaluate its security policy and mechanisms against the criteria of the US Department of Defense Trusted Computer System Evaluation Criteria (the Orange Book). Its initial evaluation by the National Computer Security Center (NCSC) took years, and was only partially successful. As a consequence, IBM made a considerable investment in restructuring MVS/RACF and integrating it with supportive hardware security mechanisms -- and more importantly, with a security policy-driven discipline of design, documentation and programming. The resulting system, z/OS, is considerably richer and more complex than its antecedent MVS. Because system security became a central design principle, and because the development effort was closely coordinated with the independent team of evaluators, the formidable task of identifying and analyzing z/OS's large set of interfaces and its management of privilege became tractable. Through close and co-operative work with its evaluators, z/OS's interfaces and management of privilege have been documented such as to permit a full and rigorous assessment to be completed in a little more than a year. Further, over the last quarter century I have collaborated with senior IBM and atsec staff and know that this evaluation was anything but superficial, thanks to the atsec evaluation team's mature knowledge of security principles as well as their corpus of techniques for identifying and exploiting security vulnerabilities. I have full confidence that z/OS and its completed evaluation represent an exceptional technological achievement."

Operating system evaluation is the greatest test of competence in the field, and from early on in its history as a Common Criteria evaluation laboratory, atsec has led the way in operating system evaluations under both the German BSI and U.S. CCEVS Schemes. atsec’s record of evaluation at this level includes evaluations of IBM AIX 5.3 (CAPP and LSPP); twelve Linux versions on five different platforms; IBM z/OS V1R7 at the EAL4+ level, as well as the zSeries-based z/VM and PR/SM virtual machine and logical partitioning products. atsec has already completed two EAL5 evaluations of IBM PR/SM products.

atsec has completed a total of more than 40 evaluations since its initial accreditation as a Common Criteria lab by the German BSI Scheme in 2002. Accreditation by the U.S. CCEVS Scheme followed in 2005, and in 2006 atsec received provisional CC lab status under the Swedish CSEC scheme. Today, the company’s security experts work with confidence under all three schemes to offer quality results and maximum flexibility.

atsec’s leadership in the Common Criteria industry is also demonstrated by its commitment to helping shape the standard itself. This level of involvement not only includes helping to test new versions of the standard and contribute to Scheme publications, but also includes pushing the boundaries of the standard by applying it to large, complex systems. In partnership with BSI, atsec performed a prototype evaluation of Linux for the main aspects of the assurance level EAL4 as a test of what was the draft version of the Common Criteria v.3 standard. atsec is also performing the first EAL4 evaluation under the Swedish CSEC scheme.

The extensive experience and many successes of atsec’s evaluation staff have built the company’s industry-leading ability to delivery complex evaluations in enviably short time frames. This is important because in the world of Common Criteria evaluations, time is very definitely money. Sponsors begin to earn back their investment when the certification is finished – so there is tremendous value in working with a partner who can complete the process efficiently.

Gerald Krummeck, Common Criteria Lab Director for atsec information security GmbH, added: “We are very proud about this success: this is the most complex evaluation ever attempted under Common Criteria. IBM's and atsec's strategy to start the evaluation effort at EAL3, then move to EAL4 while constantly adding valuable security functionality made it possible to deliver a certificate for a complete, real-world system with a level of assurance that customers require for their business-critical operations.”

Beyond its enviable record of successful and timely completion of complex evaluations, atsec has also built its reputation on the quality of its evaluation deliverables. atsec’s modus operandi uses the Common Criteria methodology to the advantage of the customer. Interim and final evaluation reports reveal thoughtful analysis of the content of document evidence presented which provides real value to sponsors in the form of product and process improvements (not just a cursory look at the titles of documentation evidence or simply filling out a checklist of requirements to achieve certification). Looking at the real-world assurance evidence produced by developers as part of their regular development process has always been a feature of atsec’s evaluation process.

About atsec information security

atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience.

Your Banner Ad Here instead - Showing along with ALL Articles covering IT Security/Anti-Spam Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


Agency / Source: Atsec Information Security


Availability: All Regions (Including Int'l)


Traffic Booster: [/] Quick PRZOOM - Press & Newswire Visibility Checker


Distribution / Indexing: [+]

# # #
IT Security Anti-Spam Computer Security - Purchase keywords tags antivirus software firewall spyware removal virus scan computer security IT Security Anti-Spam malware / Banner Ads!.

  Your Banner Ad showing on ALL
IT Security/Anti-Spam articles,
CATCH Visitors via Your Competitors Announcements!

atsec Information Security Evaluates IBM z/OS V1R8 - Common Criteria Certification at EAL4+

Company website links NOT available to basic submissions
It is OK to republish and/or LINK any newswire for any legitimate media purpose as long as you name PRZOOM - Press & Newswire and LINK as the source.
  For more information, please visit:
Is this your article? Activate ALL web links by Upgrading to Press Release PREMIUM Plan Now!
Contact: Andreas Fabis - 
512-615-7317 fabis[.]
PRZOOM / PRTODAY - Newswire Today disclaims any content contained in this article. If you need/wish to contact the company who published the current release, you will need to contact them - NOT us. Issuers of articles are solely responsible for the accuracy of their content. Our complete disclaimer appears here.
IMPORTANT INFORMATION: Issuance, publication or distribution of this press release in certain jurisdictions could be subject to restrictions. The recipient of this press release is responsible for using this press release and the information herein in accordance with the applicable rules and regulations in the particular jurisdiction. This press release does not constitute an offer or an offering to acquire or subscribe for any Atsec Information Security securities in any jurisdiction including any other companies listed or named in this release.

IT Security/Anti-Spam via RSSAdd NewswireToday - PRZOOM Headline News to FeedBurner
Find who RetweetFollow @NewswireTODAY

Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!

Read Latest Press Releases From Atsec Information Security / Company Profile

Read IT Security/Anti-Spam Most Recent Related Press Releases:

Comodo to Present on Benefits of Comodo One Platform for MSPs at ASCII IT SMB Success Summit
Verint Named Physical Security Intelligence Solutions Company of the Year
Rambus Announces Industry’s First Functional Silicon of Server DIMM Buffer Chipset Targeted for Next-generation DDR5
Verint Recognized in New Customer Journey Analytics Report by Independent Research Firm
High-Tech Bridge Enhances Discovery Capacities of its Phishing Detection Service
Ensono Adds Managed Mainframe to its UK Toolkit
Radware Launches Ultimate IoT Botnet Protection with New DefensePro® Lineup
Comodo Advanced Endpoint Protection Wins ‘APT Software of the Year’ 2017 CyberSecurity Breakthrough Award
Frost & Sullivan Recognizes Radware as a Leader in Customer Value with its Complete Line of DDoS Mitigation Solutions
Ecobank Deploys Radware’s Attack Mitigation Solution to Protect its Infrastructure

Boost Your Social Network
& Crowdfunding Campaigns

NewswireToday Celebrates 10 Years in Business
Find business coaching, life coaching, executive coaching and corporate coaching, best selling coaching books, ...




Visit  SKS Media | SKS Associates Ltd

  ©2017 PRZOOM — Limelon Advertising, Co.
Home | About PRZOOM | Advertise/Pricing | Contact | Investors | Privacy/TOS | Sitemap | FRANCAIS
newswire, PR press releases distribution service magazines engine news alert newsroom press room breaking news public relations articles company news alerts newswiredistribution ezine bizentrepreneur biznewstoday digital business report market search pr firms agencies reports distri-bution today investor relation successful internet entrepreneur newswire distribution freenewswiredistribution asianewstoday bizwiretoday USA pr UK today