Security solutions

IBM Tivoli Directory Server Version 5.2 was evaluated under the Common Criteria at Evaluated Assurance Level 3, for IBM AIX 5.2, SuSE Linux Enterprise Server 8, Red Hat Advanced Server 3.0, Microsoft Windows 2000, Sun Solaris 8 and HP-UX 11i. The certification report (PDF, 450KB) was published on 02 March 2004.

IBM Tivoli Directory Server Version 6.0, Fix Pack 1, Interim Fix 5, was evaluated under the Common Criteria at Evaluated Assurance Level 4, augmented by ALC_FLR.1. The certification report was published on 02 March 2006.

IBM Tivoli Directory Server Version 6.1 was evaluated under the Common Criteria (PDF, 403KB) at Evaluated Assurance Level 4, augmented by ALC_FLR.1 for Microsoft Windows Server 2003 R2 Enterprise Edition, IBM AIX 5.3, Sun Solaris 10, HP-UX 11i v2, Red Hat Advanced Server 5.0, SuSE Linux Enterprise Server 10. The certification report was published on 28 April 2008.

IBM Tivoli Access Manager for e-business Version 4.1 with Fixpack 5 was evaluated under the Common Criteria at Evaluated Assurance Level 3 (Augmented) for IBM AIX 5.2, SuSE Linux Enterprise Server 8, Microsoft Windows 2000 Advanced Server SP3 and Sun Solaris 8. The certification report (PDF, 327KB) was published on 16 October 2003.

IBM Tivoli Access Manager for e-business Version 5.1 with Fixpack 6 was evaluated under the Common Criteria with a conformance claim of EAL3 augmented by ALC_FLR.1. The certification report was published on 27 July 2005.

IBM Tivoli Access Manager for e-business Version 6.0 with Fixpack 3 was evaluated under the Common Criteria with a conformance claim of EAL3 augmented by ALC_FLR.1. The certification report was published on 12 March 2007.

IBM Tivoli Access Manager for Operating Systems Version 5.1 with Fixpack 17 was evaluated under the Common Criteria with a conformance claim of EAL3 augmented by ALC_FLR.1. The certification report was published on 24 March 2006.

IBM Tivoli Identity Manager Version 4.6 was evaluated under the Common Criteria with a conformance claim of EAL3 augmented by ALC_FLR.1. The certification report was published on 16 February 2006.

IBM Tivoli Identity Manager Version 5.0 was evaluated under the Common Criteria with a conformance claim of EAL3 augmented by ALC_FLR.1. The certification report was published on 08 June 2009.

Several IBM DB2 for Linux, Unix, and Windows products have been certified under the Common Criteria at evaluation assurance level (EAL 4), augmented with ALC_FLR.1. Details are available at the NIAP web site.

IBM DB2 UDB for z/OS Version 8 is in-evaluation under the Common Criteria with a conformance claim of EAL3.

IBM DB2 Content Manager for Multiplatforms V8.2 was evaluated under the Common Criteria with a conformance claim of EAL3 augmented with ALC_FLR.1. The Common Criteria certificate was issued 22 December 2004; additional details are available at NIAP's CCEVS site.

WebSphere Application Server V5.0.2.8 was evaluated under the Common Criteria with a conformance claim of EAL2, augmented with ALC_FLR.1. The Common Criteria certificate was issued 02 December 2004; additional details are available at NIAP's CCEVS site.

IBM WebSphere Application Server Version 6.0.2.3 (32-bit), WebSphere Application Server Express Version 6.0.2.3, WebSphere Application Server Network Deployment (32-bit) Version 6.0.2.3, and WebSphere Application Server for z/OS Version 6.0.1, service level 6.0.2.3, were evaluated under the Common Criteria with a conformance claim of EAL4 augmented by ALC_FLR.1. The certificate was published on 12 May 2006.

IBM WebSphere Application Server Version 6.1.0.2 was evaluated under the Common Criteria with a conformance claim of EAL4 augmented by ALC_FLR.1. The certificate (PDF, 22KB) was issued on 16 March 2007.

IBM WebSphere Application Server for z/OS Version 6.1.0.2 was evaluated under the Common Criteria with a conformance claim of EAL4 augmented by ALC_FLR.1. The certificate (PDF, 327KB) was issued on 16 March 2007.

IBM WebSphere Application Server Network Deployment Version 6.1.0.2 was evaluated under the Common Criteria with a conformance claim of EAL4 augmented by ALC_FLR.1. The certificate (PDF, 22KB) was issued on 16 March 2007.

WebSphere Portal V5.0.2 was evaluated at EAL2 under the Common Criteria for AIX 5.1 and 5.2, SuSE 7.3 for Intel, SuSE Linux Enterprise Server (SLES) 7 & 8 for Intel, 7 for zSeries, Red Hat Linux 8.0 and Advanced Server 2.1 for Intel, Sun Solaris 8, Microsoft Windows 2000 Server and Advanced Server, and Microsoft Windows 2003 Standard and Enterprise. The validation report was published on 23 August 2004.

IBM WebSphere MQ Version 5.3.0.2 with Corrective Service Diskette (CSD) 6 was evaluated under the Common Criteria at EAL2. The certification is dated 27 April 2004. Specific details are available at the NIAP web site.

IBM WebSphere MQ Version 6 is in-evaluation as of 26 August 2005 under the Common Criteria with a conformance claim of EAL4.

WebSphere Business Integration Message Broker, V5.0, Fix Pack 4 was evaluated under the Common Criteria at Evaluated Assurance Level 3 (Augmented). The Common Criteria certificate (issued 15 December 2005), validation report and security target are all available from the National Information Assurance Partnership (NIAP) web site.

WebSphere Federation Server Version 9.1, Fix Pack 1 was evaluated under the Common Criteria at Evaluated Assurance Level 4 augmented with ALC_FLR.1. The validation report was published on 25 May 2007.

IBM Workplace Collaborative Learning 2.6, IBM Workplace Team Collaboration 2.6, IBM Workplace Messaging 2.6, IBM Workplace Documents 2.6, and IBM Workplace Managed Client 2.6 are in-evaluation under the Common Criteria with a conformance claim of EAL2.

IBM Global Security Kit (GSKit) Version 7c, a security component used by multiple IBM middleware products, was evaluated under the Common Criteria with an Evaluated Assurance Level of 4, with a completion date of March 2005.

IBM Global Security Kit (GSKit) Version 7.0.4.11, a security component used by multiple IBM middleware products, was evaluated under the Common Criteria with an Evaluated Assurance Level of 4. The certificate (PDF, 22KB) was published on 2 August 2007.

IBM WebSphere Everyplace Connection Manager (WECM) V6.1 is in-evaluation as of 12 December 2005 under the Common Criteria with a conformance claim of EAL3 augmented with ALC_FLR.1.

IBM Tivoli License Compliance Manager Version 2.2 Fix Pack 1 was evaluated under the Common Criteria with a conformance claim of EAL2 augmented with ALC_FLR.1. The certification report was published on 14 February 2007.

IBM Tivoli Storage Manager is in-evaluation as of 04 April 2006 under the Common Criteria with a conformance claim of EAL3+.

Back to top

The IBM JCOP21id 32K has been evaluated at CMVP FIPS 140-2 Overall Level 3. Certificate No. 363 was published with a validation date of 26 November 2003.

The NXP P541G072V0P (JCOP 41 v2.3.1) smart card with Java Card platform was evaluated under the Common Criteria at Evaluated Assurance Level 4, augmented with ADV_IMP.2, ALC_DVS.2, AVA_MSU.3 and AVA_VLA.4. The evaluation used the Java Card System Protection Profile Collection, Version: 1.0b, August 2003, Minimal Configuration Protection Profile (DCSSI PP/0303). The certification report was published on 10 August 2007.

Back to top

The IBM Crypto for C (ICC) Version 0.1 has been evaluated at CMVP 140-2 Overall Level 1 for IBM AIX 5.2 (single user mode), Sun Solaris 5.8 and Microsoft Windows 2000 (single user mode). Certificate No. 350 was published with a validation date of 03 October 2003.

The IBM Crypto for C (ICC) Versions 1.1, 1.2 and 1.2.1, when operated in FIPS mode, have been evaluated at CMVP 140-2 Overall Level 1 for IBM AIX 5.2, Sun Solaris 5.8, Microsoft Windows 2000 Professional and Advanced Server, SuSE Linux Enterprise Server 8 (x86 and PowerPC), RedHat Linux Advanced Server 2.1 (x86), and HPUX 11i – all in single user mode. Certificate No.384 was published with a validation date of 24 February 2004.

The IBM Crypto for C (ICC) Version 1.4.5 has been evaluated at CMVP 140-2 Overall Level 1 for Sun Solaris 9 , HPUX 11i, AIX 5.2, RedHat Enterprise Linux v4(IA-32,AMD64,PowerPC,zSeries), SuSE Linux Enterprise Server 9 (IA-32,AMD64,PowerPC,zSeries), Microsoft Windows Server 2003(IA-32,AMD64). Certificate No. 775 was published with a validation date of May 18 2007.

The IBM Java JCE 140-2 Cryptographic Module Version 1.1 has been evaluated at CMVP 140-2 Overall Level 1 for Windows 2000 Professional SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), RedHat Linux Advanced Server 2.1 (JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1) – all in single user mode. Certificate No. 376 was published with a validation date of 30 January 2004.

The IBM Java JCE 140-2 Cryptographic Module Version 1.2 has been evaluated at CMVP 140-2 Overall Level 1 for Windows XP Professional using IBM JVM 1.4.2 (single-user mode). Certificate No. 497 was published with a validation date of 11 January 2005.

The IBM CryptoLite in C Version 3.0 has been evaluated at CMVP 140-2 Overall Level 1 for Red Hat Linux 8.0 (single user mode) and Microsoft Windows 2000 Professional SP3. Certificate No. 356 was published with a validation date of 20 November 2003.

The IBM CryptoLite in Java Version 3.0 has been evaluated at CMVP 140-2 Overall Level 1 for IBM AIX 5.2 (single user mode), Sun Solaris 5.8 and Microsoft Windows 2000 Professional SP3. Certificate No. 354 was published with a validation date of 27 October 2003.

The IBM Everyplace Wireless Gateway Cryptographic Module Version 1.6 has been evaluated at CMVP 140-2 Overall Level 2 for IBM AIX 5L Version 5.2 and Trusted Solaris 8. Certificate No. 321 was published with a validation date of 29 May 2003.

The IBM Everyplace Wireless Gateway Cryptographic Module Version 1.6 has been evaluated at CMVP 140-2 Overall Level 1 for Microsoft Windows 2000 SP2 and Microsoft Pocket PC 2002. Certificate No. 320 was published with a validation date of 29 May 2003.

The IBM Java JSSE FIPS 140-2 Cryptographic Module Version 1.1 has been evaluated at CMVP 140-2 Overall Level 1 with Windows 2000 Professional SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), Red Hat Linux Advanced Server 2.1(JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1), and z/OS V1R4 (JVM 1.4.1). Certificate No. 409 was published with a validation date of 05 April 2004.

The IBM SSLite in Java Version 3.15.3232 has been evaluated at CMVP 140-2 Overall Level 1 with Windows 2000 SP3 (JRE 1.3.1_03) and Red Hat Linux 8.0 (JRE 1.3.1_07). Certificate No. 406 was published with a validation date of 18 March 2004.

Back to top

Evaluated at Common Criteria at Evaluation Assurance Level 3 (EAL3) on September 10, 2001. (See the "Sensitive Data Protection" table, located halfway down the page.)
Also see: NIAP Validated Product: IBM Cryptographic Security Chip for PC Clients.

See IBM Embedded Security Subsystem (select "IBM Embedded Security Subsystem") for more information.

Back to top

zSeries Logical PARtitioning (LPAR)eServer zSeries 900 PR/SM evaluated at Common Criteria EAL5 (PDF, 655KB) on 27 February 2003.

eServer zSeries 800 and 900 GA3 PR/SM evaluated at Common Criteria EAL5 (PDF, 267KB) and EAL4 (PDF, 261KB) on 06 June 2003.

eServer zSeries 990 Processor Resource/System Manager (PR/SM) evaluated at Common Criteria EAL5 (PDF, 283KB) in Germany, EAL4 (PDF, 266KB) world-wide, on 13 May 2004.

PR/SM LPAR for IBM eServer zSeries 890 and 990, evaluated at Common Criteria EAL5 (PDF, 636KB) in Germany, EAL4 (PDF, 628KB) world-wide, on 13 May 2005.

PR/SM LPAR for the IBM System z9 109 was evaluated under the Common Criteria at evaluated assurance level 5 in Germany, level 4 world-wide. The certificate (PDF, 295KB) was published on 24 March 2006.

PR/SM LPAR for the IBM System z9 Enterprise Class and the IBM System z9 Business Class were evaluated under the Common Criteria at Evaluated Assurance Level 5 in Germany, Level 4 world-wide. The BSI issued certificate (PDF, 309KB) ID BSI-DSZ-CC-0378-2006 on 04 September 2006.

PR/SM LPAR for the IBM System z10 Enterprise Class (driver level 73G) was evaluated under the Common Criteria at Evaluated Assurance Level 5 in Germany, Level 4 world-wide. The BSI issued certificate (PDF, 754KB), ID BSI-DSZ-CC-0460-2008, was published on 29 October, 2008.

PR/SM LPAR for the IBM System z10 Business Class, GA1, was evaluated under the Common Criteria at Evaluated Assurance Level 5 (EAL5) in Germany, EAL4 world-wide. PR/SM was certified by Germany's Federal Office for Information Security (BSI) on May 5th, 2009. The BSI issued certificate (PDF, 403KB), number is BSI-DSZ-CC-0557-2009. System z10 Enterprise Class and Business Class servers are now EAL5 certified.

Back to top

IBM LPAR for POWER4 for the IBM pSeries — Firmware Releases: 3R031021 (p630), 3K031021 (p650) and 3H031021 (p690) is evaluated under the Common Criteria with an Evaluated Assurance Level 4, augmented by ALC_FLR.1 (Basic Flaw Remediation) (PDF, 298KB) on 26 January 2004.

IBM LPAR for POWER6 was evaluated under the Common Criteria with an Evaluated Assurance Level 4 augmented by ALC_FLR.2. The certification report was published on 7 November 2007.

Back to top

eServer zSeries running z/OSz/OS V1.6 was evaluated under the Common Criteria at Evaluated Assurance Level 3 (Augmented) using both the Controlled Access Protection Profile (CAPP) and the Labeled Security Protection Profile (LSPP). The certification report (PDF, 686KB) was published on 09 March 2005.

z/OS Version 1.7 was evaluated under the Common Criteria, using the CAPP and the LSPP, at Evaluated Assurance Level 4, augmented by ALC_FLR.1. The certificate (PDF, 569KB) was published on 02 March 2006.

z/OS Version 1.8 was evaluated under the Common Criteria, using the CAPP and the LSPP, at Evaluated Assurance Level 4, augmented by ALC_FLR.1. The certificate (PDF, 363KB) was published in May 2007.

z/OS Version 1.9 was evaluated under the Common Criteria, using the CAPP and the LSPP, at Evaluated Assurance Level 4, augmented by ALC_FLR.1. The certificate (PDF, 378KB) was published in March 2008.

Back to top

z/VM Version 5 Release 1 was evaluated under the Common Criteria at Evaluated Assurance Level 3 (Augmented) using both the Controlled Access Protection Profile (CAPP) and the Labeled Security Protection Profile (LSPP). Certification report (BSI-DSZ-CC-0258-2005) (PDF, 172KB) was published on 26 October 2005 by the German Federal Office of Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). The security target (PDF, 339KB) is also available from the BSI's web site.

Back to top

S/390 CMOS cryptographic co-processor evaluated at NIST FIPS 140-1 Level 4. View the PDF S/390 PR/SM evaluated at ITSEC E4

1. 1. S/390 CMOS G6 Family, March 16, 2000
2. 2. S/390 CMOS G5 Family, March 1999
3. 3. 9021 and 9121 Processor Families, October 1995

OS/390 has received International Computer Security Association ICSA) Certification for the crypto algorithms in S/390 Virtual Private Network (VPN) support.

MVS 3.1.3 along with RACF 1.9.0 and the trusted computing base were evaluated at DoD TCSEC B1 in 1990.

Follow-on versions of OS/390 have not been re-submitted (RAMPed), but are typically "designed to meet" C2 or higher.

Back to top

World's first product to be certified at NIST FIPS 140-1 Level 4.

Approved by German ZKA for operation as a security module in electronic cash networks.

Visit the IBM 4758 PCI Cryptographic Co-Processor website.

Back to top

The IBM eServer Cryptographic Coprocessor Security Module, (Hardware Version: P/N 16R0911, Model 4764-001; Firmware Version: 1.16), has been evaluated at CMVP 140-2 Overall Level 4, when operated in FIPS mode. Certificate No. 524 was published with a validation date of 01 May 2005.

Back to top

AIX 5L for POWER Version 5.2 was evaluated under the Common Criteria using the CAPP, achieving an EAL4 (Augmented). The certification report(PDF, 300KB) was published on 08 September 2003.

AIX 5L for POWER Version 5.2 Maintenance Level 5200-04 was evaluated under the Common Criteria, using the CAPP, with a conformance claim of EAL4 (Augmented).

AIX 5L for POWER Version 5.2, Maintenance Level 5200-05, with Innovative Security Systems Pitbull Foundation Version 5.0, was evaluated under the Common Criteria at Evaluated Assurance Level 4 augmented by ALC_FLR.1 using the Labelled Security Protection Profile (LSPP). The certificate was published on 02 May 2006.

AIX 5L for POWER Version 5.3, Maintenance Level 5300-04, is in-evaluation under the Common Criteria, using the CAPP, with a conformance claim of EAL4+.

Back to top

LSPP, RBACPP, CAPP/EAL4+ for AIX 6100-00-02 with Workload Partitions and the Virtual I/O Server
IBM AIX Version 6.1 at Technology Level 6100-00-02 has been certified to meet the requirements of the Common Access Protection Profile (CAPP), the Labeled Security Protection Profile (LSPP) and the Role Based Access Control Protection Profile (RBACPP) for the Common Criteria for Information Security Evaluation (CC) at Evaluation Assurance Level 4+. The certification was issued by the Bundesamt für Sicherheit in der Informationstechnik (BSI). The AIX 6 Workload Partitions (WPAR) and the Virtual I/O Server Version 1.5 component of the PowerVM feature of Power Systems were included in the evaluation. The certification id is BSI-DSZ-CC-0461-2008 (PDF, 406KB).

CAPP/EAL4+ for AIX 5L 5300-05-02 with Virtual I/O Server
IBM AIX 5L for POWER V5.3 Technology Level 5300-05-02 along with the Virtual I/O Server Version 1.3 has been certified to meet the requirements of the Controlled Access Protection Profile (CAPP) for The Common Criteria for Information Security Evaluation (CC) at Evaluation Assurance Level 4+. The certification was issued by the Bundesamt für Sicherheit in der Informationstechnik (BSI). The Virtual I/O Server component of the Advanced POWER Virtualization feature of System p was included in the evaluation. The certification id is BSI-DSZ-CC-0385-2006.

LSPP/EAL4+ for AIX 5L 5300-05 with Pitbull Foundation Version 5.0
AIX 5L for POWER V5.3 Technology Level 5300-05-02 with PitBull Foundation Suite 5.0 and optional IBM Virtual I/O Server (VIOS) Version 1.3 has been certified to meet the requirements of the Labeled Security Protection Profile (LSPP) for The Common Criteria for Information Security Evaluation (CC) at Evaluation Assurance Level 4+. The certification was issued by the Bundesamt für Sicherheit in der Informationstechnik (BSI). The certificate id number is BSI-DSZ-CC-0396-2007.

LSPP/EAL4+ for AIX 5L 5200-06 with Pitbull Foundation Version 5.0
ABundesamt für Sicherheit in der Informationstechnik (BSI) Security Certification for PitBull Foundation Version 5.0 for AIX 5L for POWER Version 5200-05. This certification verifies that PitBull Foundation Version 5.0 for AIX 5L for POWER Version 5200-05 has been developed to meet the requirements of the Labeled Security Protection Profile (LSPP) and to meet the assurance requirements of Evaluation Assurance Level 4 augmented (EAL4+). The certificate number is BSI-DSZ-CC-0303-2006.

CAPP/EAL4+ for AIX 5L 5200-06
Bundesamt für Sicherheit in der Informationstechnik (BSI) Security Certification for AIX 5L for POWER Version 5200-06. This certification verifies that AIX 5L for POWER Version 5200-06 has been developed to meet the requirements of the Controlled Access Protection Profile (CAPP) and to meet the assurance requirements of Evaluation Assurance Level 4 augmented (EAL4+). The certificate number is BSI-DSZ-CC-0302-2005.

EAL4+
CAPP/EAL4+ for AIX 5L 5200-01
This certification verifies that AIX 5L for Power V5.2 has been developed to meet the requirements of the Controlled Access Protection Profile (CAPP) and to meet the assurance requirements of Evaluation Assurance Level 4 augmented (EAL4+). The assurance level is augmented by Basic Flaw Remediation. This evaluation level is achieved through a rigorous inspection of the AIX source code and testing by an independent auditing organization and certified by the German government authority, BSI.

LPAR on Power4 Common Criteria, Part 2 & EAL4+
Bundesamt für Sicherheit in der Informationstechnik (BSI) Security Certification for IBM LPAR for POWER4 for the IBM pSeries p630, p650 and p690.
This certification verifies that the logical partitioning architecture (LPAR) for POWER4 for the IBM pSeries systems p630, p650 and p690 has been evaluated at an independent, accredited and licensed evaluation facility using the Common Methodology of IT Security Evaluation. This certification further verifies that the IBM LPAR for POWER4 for the IBM pSeries functionality is Common Criteria Part 2 conformant and meets the assurance requirements of Evaluation Assurance Level 4 augmented (EAL4+). The assurance level is augmented by Basic Flaw Remediation. This evaluation level was achieved through rigorous inspection and testing of the firmware by the independent evaluation facility and certified by the German government authority, BSI.

AIX 4.2 C2
Trusted Computer Systems Evaluation Criteria (TCSEC) C2 Level of Evaluation Certification
The assessment for the C2 level of security classification, issued by the United States National Security Agency, is performed under rigorous standards in accordance with the Trusted Computer Systems Evaluation Criteria (TCSEC). A system that has been rated C2 enforces a discretionary access control policy to protect information and allows users to share information under their control with other specified users. It enforces accountability and controls access to the system by identifying and authenticating users, prevents access to residual information from a previous user's actions, and provides capability for auditing security related events.

Back to top

IBM i5/OS V5R3M0 running on IBM eServer models 520, 550, and 570 with Software Feature Code 1930 was evaluated under the Common Criteria at Evaluated Assurance Level 4 (Augmented) using the Controlled Access Protection Profile (CAPP). The Common Criteria certificate (issued 10 August 2005), validation report and security target are all available from the National Information Assurance Partnership (NIAP) web site.

Back to top

OS/400 V2R3 received a DoD TCSEC C2 rating in Oct 1995.

V3R2 was RAMPed (evaluate all changes) at the C2 level in Oct 1997.

V4R1 was RAMPed at the C2 level in Oct 1998.

Back to top

IBM sponsored the Common Criteria evaluation of SuSE Linux Enterprise Server Version 8, Service Pack 3, RC4, with certifcation-sles-eal3 package. The evaluation was performed using the CAPP (Controlled Access Protection Profile) and achieved an EAL (Evaluated Assurance Level) 3, augmented by ALC_FLR.2 (flaw reporting procedures). The certification report (PDF, 326KB) was published on 14 January 2004.

IBM sponsored the Common Criteria evaluation of SuSE Linux Enterprise Server Version 9, with certifcation-sles-ibm-eal4 package. The evaluation was performed using the CAPP, and achieved an EAL4, augmented by ALC_FLR.3. The certification report (PDF, 188KB) was published on 09 March 2005.

IBM sponsored the Common Criteria evaluation of SuSE Linux Enterprise Server Version 10 SP1. The evaluation was performed using the CAPP, and achieved an EAL4, augmented by ALC_FLR.3. The certification report was published on 8 October 2007.

Red Hat Enterprise Linux 3, Update 2 on IBM eServers was evaluated under the Common Criteria, using the Controlled Access Protection Profile (CAPP), achieving EAL3, augmented. The evaluation results, announced 03 August 2004, are for Red Hat Enterprise Linux WS on xSeries, and Red Hat Enterprise Linux AS on xSeries, iSeries, pSeries, zSeries as well as Opteron-based systems.

Red Hat Enterprise Linux Version 4, Update 1, AS and WS, was evaluated under the Common Criteria, using the Controlled Access Protection Profile (CAPP), achieving EAL4, augmented with ALC_FLR.3. This evaluation was achieved on the following IBM hardware platforms: IBM xSeries (including Intel Xeon, Intel Xeon EM64T and AMD Opteron based systems), pSeries, iSeries, zSeries, eServer, and IBM Blade center. The certificate was issued on 26 January 2006.

Red Hat Enterprise Linux Version 5 was evaluated under the Common Criteria, using the Controlled Access Protection Profile (CAPP), the Labelled Security Protection Profile (LSPP), and the Role-Based Access Control (RBAC) Protection Profile. The evaluation achieved an Evaluated Assurance Level 4, augmented with ALC_FLR.3. The certificate was issued on 07 June 2007. Additional details may be found at the NIAP web site.

Back to top

Netfinity HW was designed to meet C2 level of trust.

Windows NT Server and Workstation 3.51 and 4.0 evaluated at ITSEC E3/F-C2.

Windows NT Server and Workstation 3.5 has been evaluated at TCSEC C2.

Back to top

None, although Netfinity HW was designed to meet C2 level of trust.

Back to top

IBM Firewall for AIX Version 3.1.1.

IBM Firewall for AS/400 version 5769FW1.

IBM eNetwork Firewall 3.2 for NT.1

Back to top

z/VM V5.3 with the RACF Security Server optional feature has been certified to conform to the Controlled Access Protection Profile (CAPP) and Labeled Security Protection Profile (LSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4+ (EAL4+). The Certification Report ( BSI-DSZ-CC-0472-2008 (PDF, 628KB)) was published on 28 July 2008 by the German Federal Office of Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). The security target (PDF, 621KB) is also available from the BSI's web site.

Back to top