BAS/EAL4+ and LAS/EAL4+ systems physical environment

The BAS/EAL4+ and LAS/EAL4+ systems have specific requirements for the environment in which they are run.

The requirements are as follows:
  • Physical access to the systems must be restricted so that only authorized administrators can use the system consoles.
  • The Service Processor is not connected to a modem.
  • Physical access to the terminals is restricted to authorized users.
  • The physical network is secure against eavesdropping and spoofing programs (also called Trojan horse programs). When communicating over insecure lines, additional security measures, such as encryption, are needed.
  • Communication with other systems that are not AIX 7.1 BAS/EAL4+ or LAS/EAL4+ systems, or are not under the same management control, is not permitted.
  • Only IPv4 is to be used when communicating with other BAS/EAL4+ and LAS/EAL4+ systems. IPv6 is included in the evaluated configuration, but only the functional capabilities of IPv6 that are also supported by IPv4 are included.
  • Users must not be allowed to change the system time.
  • Systems in a logical partition (LPAR) environment cannot share PCI host bridges (PHBs).