Abstract for Planning for Multilevel Security and the Common Criteria

Purpose of this information: This information describes the z/OS® functions that can be used to provide multilevel security. multilevel security is a security policy that allows the classification of data and users based on a system of hierarchical security levels combined with a system of non-hierarchical security categories. This information provides a high-level overview of multilevel security and security labels, and information about how to migrate a z/OS system to a multilevel-secure system. This information does not provide all the details that an administrator needs to configure or operate a system to take advantage of multilevel security, but it references other information where you can find the details.

This information also describes how you can configure IBM® z/OS Version 2 Release 4 to meet the requirements of the Common Criteria Operating System Protection Profile (OSPP), BSI-CC-PP-0067, Version 2.0 (dated 2010-06-10).

Who should read this information: This information is intended primarily for the security administrator who is planning to establish a multilevel-secure system or a system that meets the requirements of the Common Criteria Operating System Protection Profile (OSPP).

Prerequisite information: The reader should have a detailed knowledge of RACF®, and be familiar with the other elements and features of z/OS, particularly MVS™, JES, z/OS UNIX, TSO/E, Communications Server, DFSMS, Distributed File Service, RMF, and SDSF.

You will need to reference z/OS Communications Server: IP Configuration Guide for information about planning for and implementing multilevel security for a TCP/IP network.