Last Updated: 13 February 2026
z/VM Security and Integrity
Recent z/VM Security News
Here are the latest announcements regarding z/VM Security and Integrity.
09 February 2026 -- z/VM V7.4 achieves Common Criteria certification with NIAP VPP 1.1
z/VM Version 7 Release 2.0 has completed a second Common Criteria evaluation as of February 09 2026. This certifies the product in accordance with the NIAP Virtualization Protection Profile (VPP) 1.1, with Server Virtualization Extended Package. The successful certification affirms z/VM's continued commitment to the meeting the newest security and integrity requirements in the IT industry.
The Certification Report can be found at https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/cr_zvm_v74_vpp_v1.0_en.pdf.
01 October 2025 -- z/VM V7.4 releases Part 1 of its RACF Utilties updates
Through this most recent RACF fixpack, the RACUT200 and RACUT400 utilities are now automatable, removing the element of the human user at a keyboard from database integrity checking, copying, and management.
For more information, refer to: https://www.ibm.com/support/pages/zvm/newfunction/#racf-utility
13 May 2025 -- z/VM V7.4 achieves EAL 4+ Common Criteria certification
z/VM Version 7 Release 2.0 has completed a Common Criteria evaluation as of May 13, 2025. This certifies the product in accordance with the Operating System Protection Profile (with Virtualization and Labeled Security extensions) at an assurance level of EAL 4+. The successful certification affirms z/VM's continued commitment to the security and integrity requirements in the IT industry.
The Certification Report can be found at https://ocsi.isticom.it/documenti/certificazioni/ibm/zvm/cr_zvm_v7r2_v1.0_en.pdf.
19 September 2024 -- z/VM V7.4 released!
z/VM V7.4 has been released, and all previously delivered new functionality has been bundled into this package. The move to linear service reduces complexity for applying service packages (including security fixes). For more information about the latest version of z/VM, see: https://www.ibm.com/support/pages/zvm/zvm740/
Noteworthy Statements of Direction:
- IBM intends to remove LDAP support in a future release. For a blog post about this, refer to https://bwhugen.github.io/2024/10/02/ldap01.html
- IBM intends to certify z/VM V7.4 to the Common Criteria (EAL 4+) and the NIAP Virtualization Protection Profile V1.1
- IBM intends to validate z/VM V7.4 System SSL and ICSFLIB to FIPS 140-3
01 December 2023 -- z/VM uplifts System SSL support to z/OS 2.5 equivalency
z/VM Version 7 Release 2.0 and 7.3 have completed an uplift of their relevant cryptographic libraries to mirror z/OS 2.5 equivalency. This upgrade will provide foundational support both for future enablement of TLS 1.3, as well as a basis for an eventual FIPS 140-3 validation. (A formal validation has not been announced at this time, and will be included as a Statement of Direction, in accordance with IBM policy around future-looking statements.)
See this page for more on z/VM System SSL.
01 July 2023 -- z/VM V7.3 delivers multiple new security and compliance-relevant facilities
z/VM Version 7 Release 3.0 has released three new pieces of functionality which improve z/VM security and compliance posture. These are:
- z/VM Compliance Utility - this new set of EXECs will gather security and compliance relevant data for a z/VM system, with the intent of gathering data in a single interface or "single pane of glass." This information is available either via command-line execution, or via API call. For more information, visit the z/VM New Function Page.
- z/VM KEYVAULT Utility - this new function will encrypt key/value pairs inside a single z/VM virtual machine. This is a first step toward local encryption of data inside CMS applications, with the first exploiter being z/VM Centralized Service Management and the z/VM FTPS function. For more information, visit the z/VM New Function Page.
- Guest Secure IPL - available on the IBM z16 with appropriate millicode levels, z/VM now support signature verification of a guest operating system during the Initial Program Load (IPL, or "boot") process. This vital function allows a system programmer to assure that the code they're loading is the code they intended to load. For more information, visit the z/VM New Function Page.
10 June 2022 -- z/VM V7.2 achieves Common Criteria certification with NIAP protection profile
z/VM Version 7 Release 2.0 has completed a second Common Criteria evaluation as of June 10, 2022. This certifies the product in accordance with the NIAP Virtualization Protection Profile (VPP), with Server Virtualization Extended Package. The successful certification affirms z/VM's continued commitment to the meeting the newest security and integrity requirements in the IT industry.
The Certification Report can be found at https://ocsi.isticom.it/documenti/certificazioni/ibm/zvm/cr_zvm_v7r2_vpp_v1.0_en.pdf
10 December 2021 -- Improved LGR for Mixed-Level Crypto Environments now available for z/VM V7.2
With the PTF for APAR PH40080, z/VM V7.2 has been enabled to introduce a new CERTMGR command which allows for ease-of-use in querying certificates and chains thereof stored in a gskkyman-managed certificate database. More information can be found on the z/VM 7.2 New Function Webpage.
31 August 2021 -- Improved LGR for Mixed-Level Crypto Environments now available for z/VM V7.2
With the PTF for APAR VM66496, z/VM V7.2 has been updated to remove restrictions placed upon relocating virtual machines when target hardware is not of the same Crypto Express functional level. This reduces impediments to relocating workload and enables a smoother migration path to different Crypto Express hardware. More information can be found on the z/VM 7.2 New Function Webpage.
12 August 2021 -- z/VM V7.2 achieves FIPS 140-2 validation
The z/VM V7.2 System SSL Module has been validated as conforming to the Federal Information Processing Standard (FIPS) 140-2. This industry-recognized cryptographic standard mandates modern digital key sizes and integrity checking for TLS operations. z/VM 7.2 System SSL is used by both the z/VM LDAP Server and z/VM TLS/SSL Server. This satisfies the second portion of a Statement of Direction from April 2020 regarding security certification and assurance.
- Certificate: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4007
- Security Policy: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4007.pdf
The Common Criteria evaluation to the NIAP Virtualization Protection Profile is on-going, per previous IBM Statements of Direction. More information will be posted here and in other venues when this have been achieved.
30 April 2021 -- z/VM V7.2 achieves EAL 4+ Common Criteria certification
z/VM Version 7 Release 2.0 has completed a Common Criteria evaluation as of April 30, 2021. This certifies the product in accordance with the Operating System Protection Profile (with Virtualization and Labeled Security extensions) at an assurance level of EAL 4+. The successful certification affirms z/VM's continued commitment to the security and integrity requirements in the IT industry.
The Certification Report can be found at https://ocsi.isticom.it/documenti/certificazioni/ibm/zvm/cr_zvm_v7r2_v1.0_en.pdf
FIPS 140-2 validation, and a second Common Criteria evaluation to the NIAP Virtualization Protection Profile, are still on-going, per previous IBM Statements of Direction. More information will be posted here and in other venues when these have been achieved.
Old news archives are available for reference here.
For more information on z/VM Security, whether it relates to service, certifications, configuration, best practices, or something else, please consult the links at the top of this page. If you have any questions or suggestions, please reach out to Brian Hugenbruch (z/VM Security Development Champion) at bwhugen@us.ibm.com.