AIX V6.1 and the Power 570 system based on the Power6™ processor have been certified compliant under the Controlled Access Protection Profile under the Common Criteria for Information Security Evaluation (CC), at the Evaluation Assurance Level 4 Augmented (commonly referred to as CAPP/EAL4+).
Common Criteria is an internationally recognized (ISO/IEC 15408) standard used by businesses and governments around the world to assess security and development process assurance of technology products. Under Common Criteria, products are evaluated against strict standards that validate the product's design process, development environment, functionality, vulnerability handling, testing and documentation. Over twenty countries recognize the security certifications defined by the Common Criteria standard.
This is the first set of security certifications for AIX 6 and the first for systems based on the POWER6 processor. The CAPP/EAL4+ security certification for AIX 6 included an evaluation of Workload Partitions, the new software virtualization feature of AIX and the PowerVM Virtual I/O Server (VIOS).
The POWER6 hardware and virtualization certificate was based on evaluation of the POWER6 processor-based Power Systems 570 server, including the Hypervisor, the flexible service processor and bulk power assembly. The certification process validated that the design and functionality of the Power Systems 570 hardware and Hypervisor-based virtualization infrastructure met or exceeded the security standards associated with the CAPP/EAL4+ standard.
In addition to the CAPP/EAL4+ certifications, AIX 6 has received certification under the Labeled Security Protection Profile (LSPP) and Role Based Access Control Protection Profile (RBAC PP).
The Labeled Security Protection Profile standard was created for clients that require robust access control for information in highly secure environments. The Trusted AIX feature of AIX 6 includes the functionality required for the LSPP certification. Trusted AIX extends the capabilities of the AIX operating system by providing mandatory access control for data and system resources. This feature allows access to information only if the end user has clearance to access that level of information. Trusted AIX is included as part of AIX 6 but must be explicitly enabled during the installation of AIX.
The Role Based Access Control Protection Profile criterion validates that the Role Based Access Control feature of AIX 6 meets the requirements for simplified control of administrative privileges through the use of hierarchies and roles. Role Based Access Control is a new feature of AIX 6 that gives administrators fine-grained control over the selective delegation of administrative duties to non-root users. This delegation is achieved by collecting the relevant authorizations into a role and then assigning the role to a non-root user. Role Based Access Control increases security by reducing the number of root-level users and improves administrator productivity by allowing administrative workload to be securely delegated to non-root users. This is the first time the AIX operating system has been certified under the Role Based Access Control Protection Profile.
"Security is a key requirement for our clients. These new certifications are an independent validation that AIX and the Power Systems hardware provide a secure computing environment for our clients' workloads. The inclusion of new security features into AIX 6, such as the Trusted AIX and Role Based Access Control, enables even more workloads to run on the leadership Power System platform. These certifications highlight the IBM commitment to provide our clients with the best UNIX® solutions in the world."
The CAPP/EAL4+ certification report for the AIX 6 system can be found at http://www.commoncriteriaportal.org/files/epfiles/0461a.pdf
The CAPP/EAL4+ certification report for the POWER6 system can be found at http://www.commoncriteriaportal.org/files/epfiles/st_vid10178-vr.pdf
The validation certificate for the POWER6 systems is located at http://www.niap-ccevs.org/cc-scheme/st/st_vid10178-ci.pdf
More information on AIX open standards support can be found at http://www.ibm.com/systems/power/software/aix/certifications/index.html
Information on the Common Criteria standard is located at http://www.commoncriteriaportal.org/
The full security certification reports for all products can be found at http://www.bsi.bund.de/