Creating Common Criteria-Based evaluations
In October 1998, after two years of intense negotiations, government organizations from the United States, Canada, France, Germany, and the United Kingdom signed a historic mutual recognition arrangement for Common Criteria-based evaluations. This arrangement, officially known as the Arrangement of the Recognition of Common Criteria Certificates in the field of IT Security, was a significant step forward for government and industry in the area of IT product and protection profile security evaluations. The partners in the arrangement share the following objectives in the area of Common Criteria-based evaluation of IT products and protection profiles:
- To help ensure that evaluations of IT products and protection profiles are performed to high and consistent standards and are seen to contribute significantly to confidence in the security of those products and profiles
- To increase the availability of evaluated, security-enhanced IT products and protection profiles for national use
- To eliminate duplicate evaluations of IT products and protection profiles, and
- To continuously improve the efficiency and cost-effectiveness of security evaluations and the certification/validation process for IT products and protection profiles.
The purpose of this arrangement is to advance those objectives by bringing about a situation in which IT products and protection profiles which earn a Common Criteria certificate can be procured or used without the need for them to be evaluated and certified/validated again. It seeks to provide grounds for confidence in the reliability of the judgment on which the original certificate was based by declaring that the Certification/Validation Body associated with a Participant to the Arrangement shall meet high and consistent standards. The Arrangement specifies the conditions by which each Participant will accept or recognize the results of IT security evaluations and the associated certifications/validations conducted by other Participants and to provide for other related cooperative activities.
The PR/SM functionality and assurances have been evaluated and certified at an EAL5 level of assurance. This assurance enables PR/SM to meet stringent requirements for confidentiality of processed information including requirements mandated by the federal government and the banking industry.
The Certification/Validation Body which performs the evaluations of PR/SM is Bundesamt Fuer Sicherheit Informationstechnik (BSI). The BSI issued certificate IDs for the most recent PR/SM evaluations are: BSI-DSZ-CC-1133, BSI-DSZ-CC-1160, BSI-DSZ-CC-1186, BSI-DSZ-CC-1222, and BSI-DSZ-CC-1254. Additional information, including the Security Target forming the base document for the evaluation is available at the BSI website: https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Zertifizierung-und-Anerkennung/Zertifizierung-von-Produkten/Zertifizierung-nach-CC/Zertifizierte-Produkte-nach-CC/Serveranwendungen/Serveranwendungen_node.html.
This appendix must be used in conjunction with other pertinent manuals supplied with the IBM IBM Z mainframe to give a security administrator all the required information to configure and operate a logically partitioned (LPAR) mode system in a secure manner. This appendix provides instruction on the correct use of the system so that a secure environment is created and maintained. It defines and explains the parameters, settings, and commands recommended, including references to those sections in the manuals being discussed in Trusted facility library.