|
|
| |
Security >
Security solutions
Security Evaluations for IBM Products
 |
 |
|
 |
 |
IBM Directory Server
Version 5.1 with FixPak510-01 was evaluated under the Common Criteria
at Evaluated Assurance Level 2 for IBM AIX 5.2, SuSE Linux Enterprise
Server 8, Red Hat Advanced Server 2.1, Microsoft Windows 2000 and Sun
Solaris 8. The certification report was published on 19 August 2003. |
|
|
IBM
Tivoli Directory Server Version 5.2 was evaluated under the Common
Criteria at Evaluated Assurance Level 3, for IBM AIX 5.2, SuSE Linux
Enterprise Server 8, Red Hat Advanced Server 3.0, Microsoft Windows
2000, Sun Solaris 8 and HP-UX 11i. The certification report was published on 02 March 2004. |
|
|
IBM
Tivoli Directory Server Version 6.0, Fix Pack 1, Interim Fix 5, was
evaluated under the Common Criteria at Evaluated Assurance Level 4,
augmented by ALC_FLR.1. The certification report was published on 02 March 2006. |
|
|
IBM Tivoli Access Manager for e-business
Version 4.1 with Fixpack 5 was evaluated under the Common Criteria at
Evaluated Assurance Level 3 (Augmented) for IBM AIX 5.2, SuSE Linux
Enterprise Server 8, Microsoft Windows 2000 Advanced Server SP3 and Sun
Solaris 8. The certification report was published on 16 October 2003. |
|
|
IBM Tivoli Access Manager for e-business Version 5.1 with Fixpack 6 was
evaluated under the Common Criteria with a conformance claim of EAL3
augmented by ALC_FLR.1. The certification report was published on 27 July 2005. |
|
|
IBM Tivoli Access Manager for e-business Version 6.0 with Fixpack 3 was evaluated under the Common Criteria with a conformance claim of EAL3 augmented by ALC_FLR.1. The certification report was published on 12 March 2007. |
|
|
IBM Tivoli Access Manager for Operating Systems
Version 5.1 with Fixpack 17 was evaluated under the Common Criteria
with a conformance claim of EAL3 augmented by ALC_FLR.1. The certification report was published on 24 March 2006. |
|
|
IBM Tivoli Identity Manager Version 4.6 was evaluated under the Common Criteria with a conformance claim of EAL3 augmented by ALC_FLR.1. The certification report was published on 16 February 2006. |
|
|
IBM DB2
Version 8.2 DB2 Universal Database V8.2 Workgroup Server Edition: for
Windows, Linux, AIX, and Solaris; DB2 Universal Database V8.2
Enterprise Server Edition: for Windows, Linux, AIX, and Solaris; DB2
Universal Database V8.2 Personal Edition: for Windows and Linux; DB2
Universal Database V8.2 Express Edition: for Windows and Linux was
evaluated under the Common Criteria at EAL4, augmented with ALC_FLR.1.
The certification is dated 17 September 2004. Specific details are
available at the
National Information Assurance Partnership (NIAP) web site. |
|
IBM DB2 Enterprise Server Edition Version 9.1.1 for Linux, Unix, and
Windows was evaluated under the Common Criteria at EAL 4, augmented with
ALC_FLR.1. The certificate was issued on 26 January 2007. Details are
available at the (NIAP)
web site.
The guidance to installation and usage of DB2 in a Common Criteria
environment is available (in PDF format) at the
DB2
manuals web site. |
|
|
IBM DB2 UDB for z/OS Version 8 is in-evaluation under the Common Criteria with a conformance claim of EAL3. |
|
|
IBM DB2 Content Manager for Multiplatforms
V8.2 was evaluated under the Common Criteria with a conformance claim
of EAL3 augmented with ALC_FLR.1. The Common Criteria certificate was
issued 22 December 2004; additional details are available at NIAP's CCEVS site. |
|
|
WebSphere Application Server
V5.0.2.8 was evaluated under the Common Criteria with a conformance
claim of EAL2, augmented with ALC_FLR.1. The Common Criteria
certificate was issued 02 December 2004; additional details are available at NIAP's CCEVS site. |
|
|
IBM WebSphere Application Server Version 6.0.2.3 (32-bit), WebSphere Application Server Express Version 6.0.2.3, WebSphere Application Server Network Deployment (32-bit) Version 6.0.2.3, and WebSphere Application Server for z/OS Version 6.0.1, service level 6.0.2.3, were evaluated under the Common Criteria with a conformance claim of EAL4 augmented by ALC_FLR.1. The certficate was published on 12 May 2006. |
|
|
IBM WebSphere Application Server Version 6.1.0.2 was evaluated under the Common Criteria with a conformance claim of EAL4 augmented by ALC_FLR.1. The certficate was issued on 16 March 2007. |
|
|
IBM WebSphere Application Server for z/OS Version 6.1.0.2 was evaluated under the Common Criteria with a conformance claim of EAL4 augmented by ALC_FLR.1. The certficate was issued on 16 March 2007. |
|
|
IBM WebSphere Application Server Network Deployment Version 6.1.0.2 was evaluated under the Common Criteria with a conformance claim of EAL4 augmented by ALC_FLR.1. The certficate was issued on 16 March 2007. |
|
|
WebSphere Portal
V5.0.2 was evaluated at EAL2 under the Common Criteria for AIX 5.1 and
5.2, SuSE 7.3 for Intel, SuSE Linux Enterprise Server (SLES) 7 & 8
for Intel, 7 for zSeries, Red Hat Linux 8.0 and Advanced Server 2.1 for
Intel, Sun Solaris 8, Microsoft Windows 2000 Server and Advanced
Server, and Microsoft Windows 2003 Standard and Enterprise. The validation report was published on 23 August 2004. |
|
|
IBM WebSphere MQ
Version 5.3.0.2 with Corrective Service Diskette (CSD) 6 was evaluated
under the Common Criteria at EAL2. The certification is dated 27 April
2004. Specific details are available at the NIAP web site. |
|
|
IBM WebSphere MQ Version 6 is in-evaluation as of 26 August 2005 under the Common Criteria with a conformance claim of EAL4. |
|
|
WebSphere Business Integration
Message Broker, V5.0, Fix Pack 4 was evaluated under the Common
Criteria at Evaluated Assurance Level 3 (Augmented). The Common
Criteria certificate (issued 15 December 2005), validation report and
security target are all available from the National Information Assurance Partnership (NIAP) web site. |
|
|
WebSphere Federation Server Version 9.1, Fix Pack 1 was evaluated under the Common Criteria at Evaluated Assurance Level 4 augmented with ALC_FLR.1. The validation report was published on 25 May 2007. |
|
|
IBM Workplace
Collaborative Learning 2.6, IBM Workplace Team Collaboration 2.6, IBM
Workplace Messaging 2.6, IBM Workplace Documents 2.6, and IBM Workplace
Managed Client 2.6 are in-evaluation under the Common Criteria with a
conformance claim of EAL2. |
|
|
IBM
Global Security Kit (GSKit) Version 7c, a security component used by
multiple IBM middleware products, was evaluated under the Common
Criteria with an Evaluated Assurance Level of 4, with a completion date
of March 2005. |
|
|
IBM Global Security Kit (GSKit) Version 7.0.4.11, a security component used by multiple IBM middleware products, was evaluated under the Common Criteria with an Evaluated Assurance Level of 4. The certificate was published on 2 August 2007. |
|
|
IBM WebSphere Everyplace Connection Manager (WECM)
V6.1 is in-evaluation as of 12 December 2005 under the Common Criteria
with a conformance claim of EAL3 augmented with ALC_FLR.1. |
|
|
IBM Tivoli License Compliance Manager Version 2.2 Fix Pack 1 was evaluated under the Common Criteria with a conformance claim of EAL2 augmented with ALC_FLR.1. The certification report was published on 14 February 2007. |
|
|
IBM Tivoli Storage Manager is in-evaluation as of 04 April 2006 under the Common Criteria with a conformance claim of EAL3+. |
|
The IBM JCOP21id 32K
has been evaluated at CMVP FIPS 140-2 Overall Level 3. Certificate No.
363 was published with a validation date of 26 November 2003. |
|
|
The NXP P541G072V0P (JCOP 41 v2.3.1) smart card with Java Card platform was evaluated under the Common Criteria at Evaluated Assurance Level 4, augmented with ADV_IMP.2, ALC_DVS.2, AVA_MSU.3 and AVA_VLA.4. The evaluation used the Java Card System Protection Profile Collection, Version: 1.0b, August 2003, Minimal Configuration Protection Profile (DCSSI PP/0303). The certification report was published on 10 August 2007. |
|
|
|
The
IBM Crypto for C (ICC) Version 0.1 has been evaluated at CMVP 140-2
Overall Level 1 for IBM AIX 5.2 (single user mode), Sun Solaris 5.8 and
Microsoft Windows 2000 (single user mode). Certificate No. 350 was
published with a validation date of 03 October 2003. |
|
|
The
IBM Crypto for C (ICC) Versions 1.1, 1.2 and 1.2.1, when operated in
FIPS mode, have been evaluated at CMVP 140-2 Overall Level 1 for IBM
AIX 5.2, Sun Solaris 5.8, Microsoft Windows 2000 Professional and
Advanced Server, SuSE Linux Enterprise Server 8 (x86 and PowerPC),
RedHat Linux Advanced Server 2.1 (x86), and HPUX 11i – all in single
user mode. Certificate No.384 was published with a validation date of 24 February 2004.
The IBM Crypto for C (ICC) Version 1.4.5 has been evaluated at CMVP 140-2 Overall Level 1 for Sun Solaris 9 , HPUX 11i, AIX 5.2, RedHat Enterprise Linux v4(IA-32,AMD64,PowerPC,zSeries), SuSE Linux Enterprise Server 9 (IA-32,AMD64,PowerPC,zSeries), Microsoft Windows Server 2003(IA-32,AMD64). Certificate No. 775 was published with a validation date of May 18 2007. |
|
|
The
IBM Java JCE 140-2 Cryptographic Module Version 1.1 has been evaluated
at CMVP 140-2 Overall Level 1 for Windows 2000 Professional SP3 (JVM
1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM
1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and
1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), RedHat Linux
Advanced Server 2.1 (JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1) – all
in single user mode. Certificate No. 376 was published with a validation date of 30 January 2004. |
|
|
The
IBM Java JCE 140-2 Cryptographic Module Version 1.2 has been evaluated
at CMVP 140-2 Overall Level 1 for Windows XP Professional using IBM JVM
1.4.2 (single-user mode). Certificate No. 497 was published with a validation date of 11 January 2005. |
|
|
The
IBM CryptoLite in C Version 3.0 has been evaluated at CMVP 140-2
Overall Level 1 for Red Hat Linux 8.0 (single user mode) and Microsoft
Windows 2000 Professional SP3. Certificate No. 356 was published with a
validation date of 20 November 2003. |
|
|
The
IBM CryptoLite in Java Version 3.0 has been evaluated at CMVP 140-2
Overall Level 1 for IBM AIX 5.2 (single user mode), Sun Solaris 5.8 and
Microsoft Windows 2000 Professional SP3. Certificate No. 354 was
published with a validation date of 27 October 2003. |
|
|
The
IBM Everyplace Wireless Gateway Cryptographic Module Version 1.6 has
been evaluated at CMVP 140-2 Overall Level 2 for IBM AIX 5L Version 5.2
and Trusted Solaris 8. Certificate No. 321 was published with a
validation date of 29 May 2003. |
|
|
The
IBM Everyplace Wireless Gateway Cryptographic Module Version 1.6 has
been evaluated at CMVP 140-2 Overall Level 1 for Microsoft Windows 2000
SP2 and Microsoft Pocket PC 2002. Certificate No. 320 was published
with a validation date of 29 May 2003. |
|
|
The
IBM Java JSSE FIPS 140-2 Cryptographic Module Version 1.1 has been
evaluated at CMVP 140-2 Overall Level 1 with Windows 2000 Professional
SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4
(JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1
and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), Red Hat
Linux Advanced Server 2.1(JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1),
and z/OS V1R4 (JVM 1.4.1). Certificate No. 409 was published with a validation date of 05 April 2004. |
|
|
The
IBM SSLite in Java Version 3.15.3232 has been evaluated at CMVP 140-2
Overall Level 1 with Windows 2000 SP3 (JRE 1.3.1_03) and Red Hat Linux
8.0 (JRE 1.3.1_07). Certificate No. 406 was published with a validation date of 18 March 2004. |
|
eServer zSeries 900 PR/SM evaluated at Common Criteria EAL5 on 27 February 2003. |
|
|
eServer zSeries 800 and 900 GA3 PR/SM evaluated at Common Criteria EAL5 and EAL4 on 06 June 2003. |
|
|
eServer zSeries 990 Processor Resource/System Manager (PR/SM) evaluated at Common Criteria EAL5 in Germany, EAL4 world-wide, on 13 May 2004. |
|
|
PR/SM LPAR for IBM eServer zSeries 890 and 990, evaluated at Common Criteria EAL5 in Germany, EAL4 world-wide, on 13 May 2005. |
|
|
PR/SM
LPAR for the IBM System z9 109 was evaluated under the Common Criteria
at evaluated assurance level 5 in Germany, level 4 world-wide. The certificate was published on 24 March 2006. |
|
|
PR/SM
LPAR for the IBM System z9 Enterprise Class and the IBM System z9
Business Class were evaluated under the Common Criteria at Evaluated
Assurance Level 5 in Germany, Level 4 world-wide. The BSI issued
certificate ID BSI-DSZ-CC-0378-2006 on 04 September 2006. |
|
z/OS
V1.6 was evaluated under the Common Criteria at Evaluated Assurance
Level 3 (Augmented) using both the Controlled Access Protection Profile
(CAPP) and the Labeled Security Protection Profile (LSPP). The certification report was published on 09 March 2005. |
|
|
z/OS
Version 1.7 was evaluated under the Common Criteria, using the CAPP and
the LSPP, at Evaluated Assurance Level 4, augmented by ALC_FLR.1. The certificate was published on 02 March 2006.
z/OS Version 1.8 was evaluated under the Common Criteria, using the CAPP and the LSPP, at Evaluated Assurance Level 4, augmented by ALC_FLR.1. The certificate was published in May 2007.
|
|
z/VM
Version 5 Release 1 was evaluated under the Common Criteria at
Evaluated Assurance Level 3 (Augmented) using both the Controlled
Access Protection Profile (CAPP) and the Labeled Security Protection
Profile (LSPP). Certification report (BSI-DSZ-CC-0258-2005)
was published on 26 October 2005 by the German Federal Office of
Information Security (Bundesamt für Sicherheit in der
Informationstechnik, BSI). The security target is also available from the BSI's web site. |
|
S/390 CMOS cryptographic co-processor evaluated at NIST FIPS 140-1 Level 4. View the PDF |
|
|
S/390 PR/SM evaluated at ITSEC E4
- S/390 CMOS G6 Family, March 16, 2000
- S/390 CMOS G5 Family, March 1999
- 9021 and 9121 Processor Families, October 1995
|
|
|
OS/390
has received International Computer Security Association ICSA)
Certification for the crypto algorithms in S/390 Virtual Private
Network (VPN) support. |
|
|
MVS 3.1.3 along with RACF 1.9.0 and the trusted computing base were evaluated at DoD TCSEC B1 in 1990. |
|
|
Follow-on versions of OS/390 have not been re-submitted (RAMPed), but are typically "designed to meet" C2 or higher. |
|
The
IBM eServer Cryptographic Coprocessor Security Module, (Hardware
Version: P/N 16R0911, Model 4764-001; Firmware Version: 1.16), has been
evaluated at CMVP 140-2 Overall Level 4, when operated in FIPS mode.
Certificate No. 524 was published with a validation date of 01 May 2005. |
|
AIX 5L for POWER Version 5.2 was evaluated under the Common Criteria using the CAPP, achieving an EAL4 (Augmented). The certification report was published on 08 September 2003. |
|
|
AIX
5L for POWER Version 5.2 Maintenance Level 5200-04 was evaluated under
the Common Criteria, using the CAPP, with a conformance claim of EAL4
(Augmented). |
|
|
AIX
5L for POWER Version 5.2, Maintenance Level 5200-05, with Innovative
Security Systems Pitbull Foundation Version 5.0, was evaluated under
the Common Criteria at Evaluated Assurance Level 4 augmented by
ALC_FLR.1 using the Labelled Security Protection Profile (LSPP). The certificate was published on 02 May 2006. |
|
|
AIX
5L for POWER Version 5.3, Maintenance Level 5300-04, is in-evaluation
under the Common Criteria, using the CAPP, with a conformance claim of
EAL4+. |
|
AIX
4.2 was successfully evaluated for security at ITSEC E3 level of
assurance and F-C2 function class in May 1997 AIX 4.3 was the first
64-bit operating system certified at the ITSEC E3/F-C2 level, May 1998. |
|
|
AIX 4.3 with Bull's EST 2.0.1 received a common criteria B1 rating. |
|
|
AIX 4.3 first UNIX OS to offer International Computer Security Association (ICSA) Virtual Private Network (VPN) Certification. |
|
|
AIX 4.3.1 was evaluated at the DoD TCSEC C2 level in Jan 1999, (first 64-bit UNIX OS to be awarded C2). |
|
IBM i5/OS
V5R3M0 running on IBM eServer models 520, 550, and 570 with Software
Feature Code 1930 was evaluated under the Common Criteria at Evaluated
Assurance Level 4 (Augmented) using the Controlled Access Protection
Profile (CAPP). The Common Criteria certificate (issued 10 August
2005), validation report and security target are all available from the
National Information Assurance Partnership (NIAP) web site. |
|
OS/400 V2R3 received a DoD TCSEC C2 rating in Oct 1995. |
|
|
V3R2 was RAMPed (evaluate all changes) at the C2 level in Oct 1997. |
|
|
V4R1 was RAMPed at the C2 level in Oct 1998. |
|
|
|
IBM sponsored the Common Criteria evaluation of SuSE Linux Enterprise Server
Version 8, Service Pack 3, RC4, with certifcation-sles-eal3 package.
The evaluation was performed using the CAPP (Controlled Access
Protection Profile) and achieved an EAL (Evaluated Assurance Level) 3,
augmented by ALC_FLR.2 (flaw reporting procedures). The certification report was published on 14 January 2004. |
|
|
IBM
sponsored the Common Criteria evaluation of SuSE Linux Enterprise
Server Version 9, with certifcation-sles-ibm-eal4 package. The
evaluation was performed using the CAPP, and achieved an EAL4,
augmented by ALC_FLR.3. The certification report was published on 09 March 2005. |
|
|
IBM sponsored the Common Criteria evaluation of SuSE Linux Enterprise Server Version 10 SP1. The evaluation was performed using the CAPP, and achieved an EAL4, augmented by ALC_FLR.3. The certification report was published on 8 October 2007. |
|
|
Red
Hat Enterprise Linux 3, Update 2 on IBM eServers was evaluated under
the Common Criteria, using the Controlled Access Protection Profile
(CAPP), achieving EAL3, augmented. The evaluation results, announced 03
August 2004, are for Red Hat Enterprise Linux WS on xSeries, and Red
Hat Enterprise Linux AS on xSeries, iSeries, pSeries, zSeries as well
as Opteron-based systems. |
|
|
Red
Hat Enterprise Linux Version 4, Update 1, AS and WS, was evaluated
under the Common Criteria, using the Controlled Access Protection
Profile (CAPP), achieving EAL4, augmented with ALC_FLR.3. This
evaluation was achieved on the following IBM hardware platforms: IBM
xSeries (including Intel Xeon, Intel Xeon EM64T and AMD Opteron based
systems), pSeries, iSeries, zSeries, eServer, and IBM Blade center. The
certificate was issued on 26 January 2006.
|
|
|
Red Hat Enterprise Linux Version 5 was evaluated under the Common Criteria, using the Controlled Access Protection Profile (CAPP), the Labelled Security Protection Profile (LSPP), and the Role-Based Access Control (RBAC) Protection Profile. The evaluation achieved an Evaluated Assurance Level 4, augmented with ALC_FLR.3. The certificate was issued on 07 June 2007. Additional details may be found at the NIAP web site. |
|
Netfinity HW was designed to meet C2 level of trust. |
|
|
Windows NT Server and Workstation 3.51 and 4.0 evaluated at ITSEC E3/F-C2. |
|
|
Windows NT Server and Workstation 3.5 has been evaluated at TCSEC C2. |
|
None, although Netfinity HW was designed to meet C2 level of trust. |
|
IBM Firewall for AIX Version 3.1.1. |
|
|
IBM Firewall for AS/400 version 5769FW1. |
|
|
IBM eNetwork Firewall 3.2 for NT.1 |
|
|
