IBM AIX 6 and POWER6 receive top security certifications

AIX V6.1 and the Power 570 system based on the Power6™ processor have been certified compliant under the Controlled Access Protection Profile under the Common Criteria for Information Security Evaluation (CC), at the Evaluation Assurance Level 4 Augmented (commonly referred to as CAPP/EAL4+).

Common Criteria is an internationally recognized (ISO/IEC 15408) standard used by businesses and governments around the world to assess security and development process assurance of technology products. Under Common Criteria, products are evaluated against strict standards that validate the product's design process, development environment, functionality, vulnerability handling, testing and documentation. Over twenty countries recognize the security certifications defined by the Common Criteria standard.

This is the first set of security certifications for AIX 6 and the first for systems based on the POWER6 processor. The CAPP/EAL4+ security certification for AIX 6 included an evaluation of Workload Partitions, the new software virtualization feature of AIX and the PowerVM Virtual I/O Server (VIOS).

The POWER6 hardware and virtualization certificate was based on evaluation of the POWER6 processor-based Power Systems 570 server and including the Hypervisor, the flexible service processor and bulk power assembly. The certification process validated that the design and functionality of the Power Systems 570 hardware and Hypervisor based virtualization infrastructure met or exceeded the security standards associated with the CAPP/EAL4+ standard.

In addition to the CAPP/EAL4+ certifications, AIX 6 has received certification under the Labeled Security Protection Profile (LSPP) and Role Based Access Control Protection Profile (RBAC PP).

The Labeled Security Protection Profile standard was created for clients that require robust access control for information in highly secure environments. The Trusted AIX feature of AIX 6 includes the functionality required for the LSPP certification. Trusted AIX extends the capabilities of the AIX operating system by providing mandatory access control for data and system resources. This feature allows access to information is only if the end user has clearance to access that level of information. Trusted AIX is included as part of AIX 6 but must be explicitly enabled during the installation of AIX.

The Role Based Access Control Protection Profile criterion validates that the Role Based Access Control feature of AIX 6 meets the requirements for simplified control of administrative privileges through the use of hierarchies and roles. Role Based Access Control is a new feature of AIX 6 that allows administrators fine grained control for selective delegation of administrative duties to non-root users. This delegation is achieved by collecting the relevant authorizations into a role and then assigning the role to a non-root user. Role Based Access Control enables increased security by reducing the number of root level users and provides greater administrator productivity by allowing administrative workload to be securely delegated to non-root users. This is the first time the AIX operating system has been certified under the Role Based Access Control Protection Profile.

Security is a key requirement for our clients. These new certifications are an independent validation that AIX and the Power Systems hardware provide a secure computing environment for our client's workloads. The inclusion of new security features into AIX 6, such as the Trusted AIX and Role Based Access Control, enables even more workloads to run on the leadership Power System platform. These certifications highlight the IBM commitment to provide our clients with the best UNIX® solutions in the world."

The CAPP/EAL4+ certification report for the AIX 6 system can be found at http://www.commoncriteriaportal.org/files/epfiles/0461a.pdf (link resides outside of ibm.com)

The CAPP/EAL4+ certification report for the POWER6 system can be found at http://www.commoncriteriaportal.org/files/epfiles/st_vid10178-vr.pdf (link resides outside of ibm.com)

The validation certificate for the POWER6 systems is located at http://www.niap-ccevs.org/cc-scheme/st/st_vid10178-ci.pdf (link resides outside of ibm.com)

More information in AIX open standards support can be found at http://www.ibm.com/systems/power/software/aix/certifications/index.html

Information on the Common Criteria standard is located at http://www.commoncriteriaportal.org/ (link resides outside of ibm.com)

The full security certification reports for all products can be found at http://www.bsi.bund.de/ (link resides outside of ibm.com)

Get Adobe® Reader®


Contact IBM

Browse Power Systems

Close [x]

Advantages

Companies embracing Smarter Computing are implementing IT infrastructure based on the IBM Power Systems platform that is designed for data, tuned to the task and managed with cloud technologies. With Power Systems, businesses can outpace their competitors by delivering services faster, differentiate their offerings by delivering higher quality services, and turn operational cost into investment opportunity by delivering services with superior economics.

Close [x]

Hardware

Power Systems hardware provides the foundation for designing workload optimized systems in conjunction with software and expert domain knowledge. Power servers and blades are modular and scalable and designed from the chip through the software stack to help deliver new levels of business performance.

Close [x]

Operating systems

Power servers deliver flexibility and choice of operating systems to enable your business to select the best applications for your business needs. Whether running 1, 2, or all 3 - coupled with PowerVM, they maximize the benefit of Power Systems in your business.

Close [x]

System software

IBM's integrated approach to developing Systems and Systems Software stacks together delivers maximum utilization, availability, and flexibility helping you deliver new advantages in your business.

Close [x]

Solutions

IBM and IBM Business Partner solutions exploit key benefits in Power Systems that help you deliver new capabilities and new competitive advantages to your business.

Close [x]

Migrate to Power

Over the last five years thousands of clients have migrated to POWER. Learn how Power Systems has helped them improve their business performance, reduce risk, and establish a more secure future.