atsec information security Evaluates PR/SM LPAR for IBM System z9 Business Class and IBM System z9 Enterprise Class

    /24-7PressRelease/ - October 02, 2006 - atsec information security is pleased to announce completion of a Common Criteria evaluation of IBM Processor Resource/System Manager (PR/SM) LPAR for IBM System z9 Business Class (z9 BC) and z9 Enterprise Class (z9 EC) at evaluation assurance level (EAL) 5. IBM's new z9 Business Class (z9 BC) mainframe platform is designed for small to medium enterprise computing needs. The z9 Enterprise Class (z9 EC) was formerly termed IBM system z9 109. IBM PR/SM was certified by Germany's Federal Office for Information Security (BSI). IBM sponsored the evaluation effort.

PR/SM is a cornerstone of IBM's mainframe security. PR/SM's logical partitioning facility enables the resources of a single physical zSeries machine to be divided and shared by distinct logical machines, each capable of running z/VM, z/OS or Linux. All of these operating systems have been evaluated under the Common Criteria by atsec at different evaluation assurance levels. The system administrator can configure the distinct logical machines to ensure complete isolation from one another; one logical machine cannot gain knowledge about any other logical machine's available I/O resources or performed operations. This assurance enables PR/SM to meet stringent requirements for confidentiality of processed information including requirements mandated by the federal government and the banking industry.

Gerald Krummeck, Common Criteria Lab Director, notes: "Assured security directly benefits IBM customers who entrust their business-critical operations to these certified products, but it also indirectly impacts every individual involved in any sort of financial, medical, or other transaction processed through an IBM mainframe computer. IBMxs introduction of the z9 Business Class mainframe computer for small to mid-size enterprises extends assured security to an even wider audience."

The very successful partnership of atsec as evaluation lab, IBM as sponsor, and BSI as certification body has led to timely completion of four PR/SM certifications since May 2004, in part because the product knowledge gained by atsec and BSI during their initial scrutiny of the product could be carried forward to later evaluations. This experience has also led to the EAL5 evaluation methodology documents provided by BSI (AIS34), which form a sound basis for such high-assurance evaluations. The almost continuous process of re-evaluation of PR/SM has successfully ensured that customers are provided with timely assurance of the PR/SM security features.

EAL5 certification includes recognition by member countries of the Common Criteria Recognition Arrangement (CCRA) at the EAL4 level.
The PR/SM for IBM z9 BC and z9 EC evaluation is the latest in a series of successful projects by atsec to certify complex systems at ambitious assurance levels. From early in its history as a Common Criteria evaluation lab, atsec has led the way in operating system evaluations under both the German BSI and U.S. CCEVS Schemes. atsec's record of evaluations at this level since 2002 includes IBM AIX 5.2; six Linux versions on five different platform architectures; two IBM z/OS versions, as well as the zSeries-based z/VM and PR/SM virtual machine and logical partitioning products.

The IBM PR/SM LPAR for z9 BC and z9 EC certificate can be found here:
http://www.atsec.com/downloads/pdf/certificates/z9-EC-and-z9-BC-EAL5-Certificate.pdf

atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in January 2000 and has extensive international operations with offices in the U.S., Sweden, the U.K., and China. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf. For more information, please visit http://www.atsec.com.

# # #