Ron, 
I also am an MF bigot, but also realize that we live in a wide world,
and that far too many people who should know better sometimes have a
tendency to view the IT world as z/OS vs Windows, when in reality there
are a lot of UNIX servers that are approaching in many ways, and
surpassing in others, the mainframe.  As for security, since z/OS with
RACF has had EAL 3+ since 1.6 and (as Walt Farrell pointed out) has had
EAL 4+ since 1.7, I would assume that CA is working on this, but I have
no knowledge either way.  Also, I do not know if IBM has submitted any
version of RACF for z/VM for certification.  Also, one must keep in mind
that just because the base operating system and security system has been
certified as EAL 4+ (or whatever), it doesn't mean that it isn't
possible (or even difficult) to configure the system in a very unsecure
fashion.

Wayne Driscoll
Product Developer
JME Software LLC
NOTE:  All opinions are strictly my own.




-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Ron Hawkins
Sent: Thursday, January 31, 2008 12:29 PM
To: [email protected]
Subject: Re: DB2 queries without using MF.

Wayne,

Thanks for correcting me. I am a MF bigot, but I am also a realist. Do you
know if z/OS with RACF is the only server/software combination that has
these certifications? One quick Google gave me this at the top of the page:

http://www-03.ibm.com/industries/government/doc/content/news/pressrelease/1012559109.html

and this later on

http://www.sun.com/smi/Press/sunflash/2005-10/sunflash.20051026.4.xml

If we follow some of the arguments in this thread, if SUN get EAL4 before
IBM we should jump over to Solaris as quickly as we can.

My real point is that z/OS is not necessarily streets ahead in security
anymore. To use this as an argument to maintain the mainframe may backfire
when Solaris, AIX or HP-UX leapfrog z/OS, which I'm sure they do on
occasions.


Ron




> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
> Behalf Of Wayne Driscoll
> Sent: Thursday, January 31, 2008 7:30 AM
> To: [email protected]
> Subject: Re: [IBM-MAIN] DB2 queries without using MF.
> 
> Ron,
> With regard to "AFAIK it's been a long time since RACF had any sort of
> special security rating, and even then you had to disconnect the
> network", Since z/OS 1.6 RACF has had CAPP EAL 3+ certification, and
> LSP EAL 3+ certification.
> Your above comment relates to the old DOD B1 rating that RACF, with a
> specific set of hardware devices and software service levels, and
> multi-level security (MLS, ie labeling, levels and categories) active,
> received in the early 90's.  The old "Orange Book" ratings are outdated,
> and have been replaced by the EAL Common Criteria.  For more info, see:
> http://www-03.ibm.com/systems/z/security/ccs_certification.html
> 
> Wayne Driscoll
> Product Developer
> JME Software LLC
> NOTE:  All opinions are strictly my own.
> 
> 
> 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
