Skip to main content

IBM Systems  >   z Systems  >   z/VM  >  
z/VM Security and Integrity News Archive

Updated: 18 September 2008

September 18, 2008 z/VM V5.3 Achieves Common Criteria Certification
All certification activities for z/VM V5.3 are complete. The certifying body issued its certification on July 28, 2008. z/VM V5.3 with the RACF Security Server optional feature has been certified to conform to to the Controlled Access Protection Profile (CAPP) and Labeled Security Protection Profile (LSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4+ (EAL4+).


Publication: z/VM V5.3 Secure Configuration Guide
This link is secured to ensure that your download is not corrupted.
Publication: z/VM V5.3 Certification Report
Publication: z/VM V5.3 Security Target

July 23, 2008 z/VM V5.3 Common Criteria Certification Update:
IBM has successfully completed its activities relating to the evaluation of z/VM V5.3 with the RACF Security Server optional feature for conformance to the Controlled Access Protection Profile (CAPP) and Labeled Security Protection Profile (LSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4+ (EAL4+).

Certification is pending.

Feb. 06, 2007 Statement of Direction (*) for z/VM V5.3
Common Criteria Certification:
IBM intends to evaluate z/VM V5.3 with the RACF Security Server optional feature for conformance to the Controlled Access Protection Profile (CAPP) and Labeled Security Protection Profile (LSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4 (EAL4).

This represents a modification to IBM's previously expressed Statement of Direction of July 27, 2005, which stated IBM's intent to evaluate z/VM V5.2 at EAL4. Based on additional assessment of requirements, IBM no longer intends to evaluate z/VM V5.2.

Feb. 06, 2007 New security-related enhancements for z/VM V5.3
  • Delivery of LDAP server and client
  • Enhanced system security with longer passwords
  • z/VM V5.3 adds Secure Sockets Layer/Transport Layer Security (SSL/TLS) support for industry-standard secure FTP (RFC 4217), Telnet (draft specification #6), and SMTP (RFC 3207) sessions.
  • SSL server enhancements
  • Support of drive-based data encryption with the IBM System Storage TS1120 Tape Drive (machine type 2 3592, model E05).
Dec. 16, 2005 New for z/VM V5.2
The z/VM V5.2 SSL server has been enhanced to provide support for a wider range of Linux for IBM zSeries and System z9 distributions:
  • Novell SUSE Linux Enterprise Server 8
  • Novell SUSE Linux Enterprise Server 9
  • Red Hat Enterprise Linux AS Version 3
  • Red Hat Enterprise Linux AS Version 4

Support is provided for both 31-bit and 64-bit kernels.

Dec. 16, 2005 New for z/VM V5.2
z/VM V5.2 introduces the ability for a guest to trace (sniff) all traffic flowing within a Guest LAN or Virtual Switch (VSWITCH) to which it is coupled. This is a privileged function requiring special authorization. Authorization can be provided by the SET LAN or SET VSWITCH commands, the MODIFY LAN or MODIFY VSWITCH statements in the CP system configuration file, or in your external security manager. For RACF/VM, authorization is granted by giving the user UPDATE authority to the VMLAN profile protecting the Guest LAN or VSWITCH.
Dec. 16, 2005 New for z/VM V5.2
The Directory Maintenence (DirMaint) feature of z/VM V5.2 has been updated to more easily integrate it with RACF/VM. Many of the functions that previously required a separate RACF command (such as when adding or deleting minidisks) now issue the needed RACF commands for you. This reduces both the time it takes to manage user resources and the opportunity for errors. This capability is also available for use on z/VM V5.1.
October 26, 2005 New for z/VM V5.1
On October 26, 2005, the German Federal Office of Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) issued its certification that z/VM V5.1 conforms to the requirements of the Controlled Access Protection Profile (CAPP) and the Labeled Security Protection Profile (LSPP), both at Evaluation Assurance Level 3+.

The Certification Report (BSI-DSZ-CC-0258-2005) and the Security Target are available from the BSI's web site.

The Common Criteria (CC) is an internationally recognized ISO standard (ISO/IEC 15408) used by governments and other organizations to assess security and assurance of technology products. The CC provides a standardized way of expressing security requirements and defines the respective set of rigorous criteria by which the product will be evaluated. It is widely recognized among IT professionals, government agencies, and customers as a seal of approval for mission-critical software.

Under Common Criteria, products are evaluated against strict standards for various features, such as the development environment, security functionality, the handling of security vulnerabilities, security related documentation and product testing.

July 26, 2005 in the z/VM V5.2 announcement: Note this paragraph related to z/VM V5.2:
IBM intends to evaluate z/VM V5.2 with the RACF for z/VM optional feature for conformance to the Controlled Access Protection Profile (CAPP) and Labeled Security Protection Profile (LSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4 (EAL4).
Jan. 21, 2004 Press Release:
IBM and Novell's SUSE LINUX Achieve a Higher Level of   Linux Security Certification across All IBM eServer Systems
Note this paragraph related to z/VM V5.1:
In addition to Linux, IBM plans to obtain Common Criteria certification of z/VM, its premier virtualization technology, in 2004. It is anticipated that z/VM will be certified to conform to the requirements of the Labeled Security Protection Profile (LSPP) and the Controlled Access Protection Profile (CAPP), both at EAL3+. z/VM helps enable mainframe customers to run tens to even hundreds of instances of the Linux operating system on a single IBM zSeries server.

Mainframe security
Security links
News Archive
Integrity     Statement
APAR Notification (Security/Integrity)
z/VM Security
IBM Security
z Systems Security
Linux on System z
Current releases
z/VM V6.4 Resources
z/VM V6.3 Resources
z/VM V6.2 Resources
z/VM V5.4 Resources
More about z Systems
Optimized to help meet the requirements of today's on-demand solutions.
Attend events to learn about z/VM, Linux on z Systems, and more