Security Solutions

Security Evaluations for IBM Products




Security evaluations, conducted by independent, accredited evaluators provide assurance (confidence) in the evaluated products' security attributes. Some public and private sector organizations mandate that their acquired products are evaluated. Even when evaluations aren't mandatory, acquiring organizations benefit from them.

The following information describes IBM's products that have been evaluated or are in-evaluation. The two security evaluation programs are the Common Criteria (CC – a.k.a. ISO/IEC 15408) and the Cryptographic Module Validation Program (CMVP – a.k.a. FIPS 140). Only the most recently-evaluated products are shown. Older evaluations may be found at the Common Criteria Portal and the CMVP resource site.

Security Controls

Product Evaluated Assurance Level (EAL) Certification Date and link
IBM RACF element of z/OS Version 2 Release 1   in-evaluation
IBM RACF for z/OS Version 1, Release 13 EAL5+, ALC_FLR.3 2013.02.19
IBM Tivoli Security Policy Manager Version 7.1 EAL2+, ALC_FLR.3 2013.12.16
IBM Tivoli Directory Server Version 6.3 EAL4+, ALC_FLR.1 2013.07.05
IBM Tivoli Access Manager for e-business Version 6.1.1 FP4 with IBM Tivoli Federated Identity Manager Version 6.2.1 FP2 EAL4+, ALC_FLR.3 2012.06.22
IBM Tivoli Identity Manager Version 5.0 EAL3+, ALC_FLR.1 2009.06.08
IBM WebSphere DataPower Firmware Version 6.0 for XB62, XG45 and XI52   in-evaluation
IBM WebSphere DataPower XS40 XML Security Gateway and XI50 Appliance on Firewall Version 3.5 EAL4+, ALC_FLR.1 2008.12.30
IBM Proventia GX 4.1 for GX4004, GX5008, GX5108, GX5208, GX6116 with SiteProtector 2.0 SP 8.1 EAL2+, ALC_FLR.2 2012.04.26
IBM Q1 Labs QRadar Release 7.0.0i EAL3+, ALC_FLR.2 2011.02.10
IBM BigFix Enterprise Suite (BES), Version 7.1.1.315 EAL3 2009.01.16
IBM Global Security Kit (GSKit) v8 EAL4 2012.06.11

Middleware

Product Evaluated Assurance Level (EAL) Certification Date and link
IBM Tivoli Provisioning Manager (TPM) Version 5.1.1.1 Interim Fix EAL3+, ALC_FLR.1 2009.05.20
IBM Tivoli License Compliance Manager, Version 2.2, Fix Pack 1 EAL2, ALC_FLR.1 2007.02.14
IBM Tivoli Storage Manager Version 5.5.1 EAL3+, ALC_FLR.1 2009.05.12
IBM Tivoli Netcool/OMNIbus Version 7.3.1 EAL4+, ALC_FLR.3 2012.21.21
IBM DB2 Version 10.1 Enterprise Server Edition for Linux, UNIX and Windows (CC Configuration) EAL4+, ALC_FLR.1 2013.03.28
IBM DB2 Version 11 for z/OS Version   in-evaluation
IBM DB2 Version 9.1 for z/OS Version 1 Release 10 EAL4+, ALC_FLR.3 2012.07.20
IBM DB2 Records Manager V8.4 FP1 EAL3+, ALC_FLR.2 2009.02.25
IBM Informix Dynamic Server Version 11.5 (Enterprise Edition) EAL4+, ALC_FLR.2 2009.02.17
IBM DB2 Document Manager V8.4 Fix Pack 1 EAL3+, ALC_FLR.2 2009.01.30
IBM DB2 Content Manager Enterprise Edition V8.4 Fix Pack 1a EAL4+, ALC_FLR.2 2009.01.27
IBM WebSphere Message Broker Version 6.0.0.3 EAL4, ALC_FLR.2 2008.06.13
IBM WebSpherePortal Version 6.0.0.0 (with APAR PK67104 and APAR PK79436) EAL4 2009.09.25
IBM WebSphere MQ v7.1.0.2 EAL2+, ALC_FLR.2 2014.01.30
IBM WebSphere Application Server Network Deployment (32-bit) V7 EAL4+, ALC_FLR.2 2012.05.25
IBM WebSphere Application Server V7 (32-bit) EAL4+, ALC_FLR.2 2012.05.25
IBM WebSphere Application Server for z/OS V7 EAL4+, ALC_FLR.2 2012.05.25

Operating Systems

Product Evaluated Assurance Level (EAL) Certification Date and link
z/VM Version 6 Release 3   in-evaluation
z/VM Version 6 Release 1 EAL4+, ALC_FLR.3 2013.02.20
IBM z/OS, Version 2 Release 1   in-evaluation
IBM z/OS, Version 1, Release 13 EAL4+, ALC_FLR.3 2012.09.12
IBM AIX 7 for POWER V7.1 Technology level 7100-00-03 with optional IBM Virtual I/O Server V2.2 EAL4+, ALC_FLR.3 2012.08.20
SUSE Linux Enterprise Server 11 Service Pack 2 on IBM System z EAL4+, ALC_FLR.3 2013.03.01
Red Hat Enterprise Linux Version 6.2 on IBM Hardware for Power and System z Architectures EAL4+, ALC_FLR.3 2012.10.23

Hardware

Product Evaluated Assurance Level (EAL) Certification Date and link
PR/SM for IBM zEnterprise EC12 GA2 and BC12 GA1, Driver Level D15F EAL5+, ALC_FLR.3, ALC_TAT.3, ATE_FUN.2, AVA_VAN.5 2014.02.19
PR/SM for IBM zEnterprise EC12 GA1 Driver Level D12K EAL5+, ALC_FLR.3, ALC_TAT.3, ATE_FUN.2, AVA_VAN.5 2013.02.19
PR/SM on IBM Systems z196 GA2 z114 GA1, Driver Level D93G EAL5+, ALC_FLR.3, ALC_TAT.3, ATE_FUN.2 2012.03.01
Processor Resource / Systems Manager (PR/SM) for the IBM z10 EC GA2 and z10 BC GA1 EAL5 2009.05.04
IBM Logical Partition Architecture for Power7 operating on IBM Power Systems hardware with AH730_087 or AM740_088 EAL4+ ALC_FLR.2 2013.05.31

IBM Cryptographic Modules

Module Type Overall Level Validation Date and link
IBM Crypto for C V8.2.2.0 Software 1 2013.08.27
IBM Java JCE FIPS 140-2 Cryptographic Module V1.7 Software 1 2013.08.27
IBM z/VM Version 6 Release 3 System SSL Cryptographic Module Hybrid   in-evaluation
IBM z/VM Version 6 Release 1 System SSL Cryptographic Module Hybrid 1 2012.06.25
IBM z/OS Version 1 Release 13 System SSL Cryptographic Module Hybrid 1 2012.03.12
IBM z/OS Version 1 Release 13 ICSF PKCS#11 Cryptographic Module Hybrid 1 2012.02.06
IBM 4765 Cryptographic Coprocessor Security Module Hardware 4 2012.12.21
IBM LTO Generation 6 Encrypting Tape Drive Hardware   in-evaluation
IBM System Storage TS1140 Tape Drive - Machine Type 3592, Model E07 Hardware   in-evaluation
IBM LTO Generation 5 Encrypting Tape Drive Hardware 1 2011.03.23
IBM Network Intrusion Prevention System (NIPS) Hardware   in-evaluation
IBM Proventia GX Series Security Appliances Hardware 2 2013.04.30
IBM SiteProtector Cryptographic Module V1.1 Software 2 2013.02.19

Connect with IBM Security

Same product, new name!

The product you selected is now offered under a new name. The product page you will be taken to will reflect this new name.