History

In the 1980s the United States Department of Defense provided guidelines and requirements for establishing data processing security in its computer installations. These criteria, as specified in Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD (also known as TCSEC or the Orange Book), applied also to the computer systems in companies working with a government contract. The criteria corresponded to a particular security designation, depending on the type and amount of security the system provides. The security designations ranged from D (the least amount of security) through C1, C2, B1, B2, B3, and A1. The National Security Agency (NSA) performed a formal evaluation to determine whether a data processing system adhered to the guidelines and requirements for a given security designation.

Between 1988 and 1990 IBM® enhanced MVS™, RACF®, JES2, JES3, TSO, VTAM®, DFP, and PSF to meet the B1 criteria. MVS/ESA Version 3 Release 1 Modification Level 3 passed the formal evaluation performed by the National Security Agency and obtained a B1 security designation. For several years, subsequent versions of RACF, MVS/ESA, and OS/390® were designed to continue to meet the B1 criteria, although no formal evaluations were done. But over time new functions such as UNIX System Services were added to MVS that could not be used on a system with a B1 security designation. And customer configurations evolved to require networking, which could not be used on a B1 system. Eventually the Common Criteria and ISO 15408 superseded the older US Government standards described in the Orange Book.

IBM's multilevel security functions for z/OS® build on the work done on MVS to meet the B1 criteria, and provide functions consistent with those described in the Common Criteria and some of the Common Criteria Protection Profiles.

Common criteria evaluations:
  • z/OS V1R6 has been evaluated and certified under the Common Criteria Controlled Access Protection Profile (CAPP) at EAL3 augmented and the Labeled Security Protection Profile (LSPP) at EAL3 augmented. For information about the certified configuration at EAL3, see the second z/OS V1R6 edition of, z/OS Planning for Multilevel Security and the Common Criteria, GA22-7509-02.
  • z/OS V1R7 has been evaluated and certified at the stricter EAL4 level, under the CAPP and LSPP profiles. For information about the certified configuration for z/OS V1R7, see the final z/OS V1R7 edition of, z/OS Planning for Multilevel Security and the Common Criteria, GA22-7509-05.
  • z/OS V1R8 has been evaluated and certified at the EAL4 level, augmented by ALC_FLR.3, under the CAPP and LSPP profiles. For information about the certified configuration for z/OS V1R8, see the z/OS V1R8 edition of z/OS Planning for Multilevel Security and the Common Criteria, GA22-7509-06.
  • z/OS V1R9 has been certified to meet the requirements of the Common Criteria assurance level EAL4, augmented by ALC_FLR.3, for the CAPP and LSPP profiles. For information about the certified configuration for z/OS V1R9, see the z/OS V1R9 edition of z/OS Planning for Multilevel Security and the Common Criteria, GA22-7509-07.
  • z/OS V1R10 has been certified to meet the requirements of the Common Criteria assurance level EAL4, augmented by ALC_FLR.3, for the CAPP profile. For information about the certified configuration for z/OS V1R10, see the z/OS V1R10 edition of z/OS Planning for Multilevel Security and the Common Criteria, GA22-7509-09.
  • z/OS V1R11 has been certified to meet the requirements of the Common Criteria Operating System Protection Profile (OSPP), BSI-CC-PP-0067, Version 2.0 (dated 2010-06-10) including the extended packages of OSPP:
    • Labeled Security (OSPP-LS), Version 2.0
    • Extended Identification and Authentication (OSPP-EIA), version 2.0
    For information about the certified configuration for z/OS V1R11, see the z/OS V1R11 edition of z/OS Planning for Multilevel Security and the Common Criteria, GA22-7509-10.
  • z/OS V1R12 has been certified to meet the requirements of the Common Criteria assurance level EAL4, augmented by ALC_FLR.3 for the following protection profiles:
    • Operating System Protection Profile (OSPP) Version 2.0 (dated 6/10/2010)
    • OSPP Extended Package - Labeled Security (OSPP-LS), Version 2.0 (dated 5/28/2010)
    • OSPP Extended Package - Extended Identification and Authentication (OSPP-EIA), version 2.0 (dated 5/28/2010)
    For information about the certified configuration, see the first z/OS V1R12 edition of z/OS Planning for Multilevel Security and the Common Criteria, GA22-7509-10. The certification report is published on the BSI Web page at https://www.bsi.bund.de/cln_156/EN/Topics/Certification/CertificationReports/certificationreports_node.html.
  • The RACF component of z/OS V1R12 is being evaluated for conformance to the requirements of the Common Criteria assurance level EAL5, augmented by ALC_FLR.3. At the time this information was published, the evaluation was not complete. To find out whether the certification report has been published, visit the BSI Web page at https://www.bsi.bund.de/cln_156/EN/Topics/Certification/CertificationReports/certificationreports_node.html.
  • z/OS V1R13 has been certified to meet the requirements of the Common Criteria assurance level EAL4, augmented by ALC_FLR.3 for the following protection profiles:
    • Operating System Protection Profile (OSPP), Version 2.0 (dated 6/1/2010)
    • OSPP Extended Package - Labeled Security (OSPP-LS), Version 2.0 (dated 5/28/2010)
    • OSPP Extended Package - Extended Identification and Authentication (OSPP-EIA), version 2.0 (dated 5/28/2010)
    For information about the certified configuration, see The certified configuration for the Common Criteria for z/OS V2R2. The certification report is published on the BSI Web page at https://www.bsi.bund.de/cln_156/EN/Topics/Certification/CertificationReports/certificationreports_node.html.
  • z/OS V2R1 has been certified to meet the requirements of the Common Criteria assurance level EAL4, augmented by ALC_FLR.3 for the following protection profiles:
    • Operating System Protection Profile (OSPP), Version 2.0 (dated 6/1/2010)
    • OSPP Extended Package - Labeled Security (OSPP-LS), Version 2.0 (dated 5/28/2010)
    • OSPP Extended Package - Extended Identification and Authentication (OSPP-EIA), version 2.0 (dated 5/28/2010)
    For information about the certified configuration, see The certified configuration for the Common Criteria for z/OS V2R2. The certification report is published on the BSI Web page at https://www.bsi.bund.de/cln_156/EN/Topics/Certification/CertificationReports/certificationreports_node.html.
  • Start of changez/OS V2R2 has been certified to meet the requirements of the Common Criteria assurance level EAL4, augmented by ALC_FLR.3 for the following protection profiles:
    • Operating System Protection Profile (OSPP), Version 2.0 (dated 6/1/2010)
    • OSPP Extended Package - Labeled Security (OSPP-LS), Version 2.0 (dated 5/28/2010)
    • OSPP Extended Package - Extended Identification and Authentication (OSPP-EIA), version 2.0 (dated 5/28/2010)
    For information about the certified configuration, see The certified configuration for the Common Criteria for z/OS V2R2. The certification report is published on the BSI Web page at https://www.bsi.bund.de/cln_156/EN/Topics/Certification/CertificationReports/certificationreports_node.html.End of change

Although the requirements for multilevel security arose from the classified data processing needed by government installations, the functions implemented for multilevel security (especially the basic ones of user and data classification via security labels) should be relevant to commercial installations too.

Parent topic: What is multilevel security?