The certified configuration for the Common Criteria for z/OS V2R4

A Common Criteria (CC) certified system is a system that has been evaluated according to the Common Criteria, an internationally recognized ISO standard (ISO 15408) for the assurance evaluation of IT products, and found to meet a specific set of requirements. Beginning with z/OS Version 1 Release 6, each release of z/OS has been evaluated and certified. For a summary of the certifications awarded for each release, see History.

The z/OS functionality (which is modeled on the Common Criteria Protection Profile for General Purpose Operating Systems Version 4.2.1 (OSPP), dated April 22, 2019) and assurances have been evaluated and certified at an EAL4 level of assurance. The RACF functionality (which is also modeled on the OSPP) and assurances have been evaluated at an EAL5 level of assurance.

The system configuration and environment that the evaluation finds meet these requirements is referred to as the certified system or certified configuration in this topic. The certification report is published on the OCSI web site.

The following sections are intended to state requirements that must be fulfilled by the installation in order to run in a certified configuration. Whereas the previous chapters of this document describe an optional configuration for the system in order to provide multilevel security, this chapter documents requirements for the certified configuration.

The evaluation of z/OS® did not cover all z/OS security functions, or all methods of achieving the required level of security. An installation can choose to use security functions that were not evaluated, or to use methods of achieving the required level of security that were not evaluated. If an installation makes this choice, it is no longer running the certified configuration, and must take responsibility for the security characteristics of the system.

The evaluation of z/OS did not cover all resources in the FACILITY class. In general, you can choose to use them without compromising the security of your system. However, you need to use them with care and be aware of the security implications. For example, some of the STGADMIN resources can allow reading of all data, and the BLSACTV.SYSTEM resource can allow viewing other users' data in storage. Define profiles protecting these resources with UACC(NONE) and gives access to highly trusted users.

If you are setting up a z/OS system in accordance with the z/OS V2R4 EAL4 and EAL5 security target, the information this document supersedes the information in other documents in the z/OS library.