Skip to main content

IBM Systems  >   System z  >   z/VM  >  
z/VM Security and Integrity Resources

Updated: May 1, 2014

Keep apprised on security, as it relates to z/VM. This page includes news, pertinent presentations, papers, Redbooks, publications, links to press articles and pointers to online discussions.

April 30, 2014 z/VM 6.3 System SSL Cryptographic Module Receives FIPS 140-2 Certification
The z/VM V6.3 System SSL module, with the PTF for APAR PI04999, has been validated as conforming to the Federal Information Processing Standard (FIPS) 140-2. This industry-recognized cryptographic standard mandates modern digital key sizes and integrity checking for SSL and TLS operations. z/VM 6.3 System SSL is used by both the z/VM LDAP Server and z/VM SSL-TLS Server. This satisfied the statement of direction made in the IBM Software Announcement dated July 23, 2013.

Report: Validated 140-1 and 140-2 Cryptographic Modules, Certificate 2139

Report: z/VM Version 6 Release 3 System SSL Security Policy PDF
July 23, 2013 Statement of Direction
FIPS Certification of z/VM V6.3
IBM intends to pursue an evaluation of the Federal Information Processin Standard (FIPS) 140-2 using National Institute of Standards and Technology's (NIST) Cryptographic Module Validation Program (CMVP) for the System SSL implementation utilized by z/VM V6.3.
July 23, 2013 Statement of Direction
Security Evaluation of z/VM V6.3
IBM intends to evaluate z/VM V6.3 with the RACF Security Server feature, including labeled security, for conformance to the Operating System Protection Profile (OSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4 (EAL4+).
February 20, 2013 z/VM V6.1 Achieves Common Criteria Certification
All certification activities for z/VM 6.1 are complete. The certifying body issued its certification on February 20, 2013. z/VM 6.1 with the RACF Security Server optional feature has been certified to conform to the Operating System Protection Profile (OSPP) with Virtualization (-VIRT) and Labeled Security (-LS) extensions of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4 (EAL4+).

Report: z/VM 6.1 Certification Report

Report: z/VM 6.1 Security Target
June 26, 2012 z/VM 6.1 System SSL Cryptographic Module Receives FIPS 140-2 Certification
All FIPS 140-2 certification work is complete. The z/VM V6.1 System SSL module has been validated as conforming to the Federal Information Protection Standard (FIPS) 140-2. This is the first time that z/VM has been certified to this industry-recognized cryptographic standard. z/VM System SSL is used by both the z/VM LDAP Server and z/VM SSL Server.

Report: System SSL Cryptographic Module Receives FIPS 140-2 Certification

Report: Validated 140-1 and 140-2 Cryptographic Modules, Certificate 1735

Report: z/VM Version 6 Release 1 System SSL Security Policy PDF
July 22, 2010 Statement of Direction
EAL4 Certification for z/VM V6.1
IBM intends to evaluate z/VM V6.1 with the RACF Security Server optional feature, including labeled security, for conformance to the Operating System Protection Profile (OSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4 (EAL4+).
Note: This statement of direction was made in a July 22, 2010 IBM announcement for z/VM V6.1. All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal without notice.
October 6, 2009 Solution Edition for Security Offering
Securing your z/VM® and Linux® for System z® environment
Consolidation, cost savings, and Green Initiatives are sweeping though all industries at an exponential pace. Securing a virtualized environment is a vital component of the enterprise security strategy. System z risk and security management controls provide differentiated advantage over alternative solutions.IBM's virtualization components have been integrated within hardware and software for over 30 years, and provide a robust set of unparalleled capabilities. Scalability, availability, and reliability controls are built within the infrastructure. Additional business value is included in centralized auditing and reporting functions, centralized security components and centralized infrastructure. The Solution Edition Offering for Security delivers the capabilities required to secure your virtualization environment.
Learn more...
September 18, 2008 z/VM V5.3 Achieves Common Criteria Certification
All certification activities for z/VM V5.3 are complete. The certifying body issued its certification on July 28, 2008. z/VM V5.3 with the RACF Security Server optional feature has been certified to conform to to the Controlled Access Protection Profile (CAPP) and Labeled Security Protection Profile (LSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4+ (EAL4+).


Publication: z/VM V5.3 Secure Configuration Guide
This link is secured to ensure that your download is not corrupted.
Report: z/VM V5.3 Certification Report
Report: z/VM V5.3 Security Target

You can find previous announcements of security-related information in the z/VM Security News archive

Papers, Redbooks, and Publications
Publication: Cryptographic Advances for Linux on IBM System z Applications (05-2012)
Publication: z/VM V5.4 Secure Configuration Guide (07-2008)
Redbook: Introduction to the New Mainframe: Security (04-2007)
Redbook: IBM Tivoli Security and System z (01-2008)
Redpaper: Monitoring System z Cryptographic Services (12-2007)
Redbook: Security on z/VM (12-2007)
PDF The Value of z/VM: z/VM Security and Integrity (04-2005)
Linux on IBM eServer zSeries: Best Security Practices
Linux on zSeries Security White Paper
Exploring Open Source Security for a Linux Server Environment PDF

Presentations
z/VM Security and Integrity (Alan Altmark, Aug.2005) PDF Updated

Press articles
Cover Story: Securing a Virtual World, by Alan Altmark
     (IBM Systems Magazine - Mainframe Edition, May/June 2009)
Understanding z/VM Integrity and Security, by Alan Altmark
     (IBM eServer Magazine - Mainframe Edition, Nov/Dec 2002)

Discussions
Fora and Listserv discussions with the VM and Linux community


Note: *
All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal without notice. Any reliance on this Statement of Direction is at the relying party's sole risk and will not create any liability or obligation for IBM.

 

Mainframe security
Security links
News Archive
Integrity     Statement
APAR Notification (Security/Integrity)
z/VM Security
IBM Security
System z Security
Linux on System z
Current releases
z/VM V6.2 Resources
z/VM V6.1 Resources
z/VM V5.4 Resources
More about System z
Optimized to help meet the requirements of today's on-demand solutions.
Attend events to learn about z/VM, Linux on System z, and more