On Thursday, 07/13/2006 at 09:14 EST, Dennis Schaffer <[EMAIL PROTECTED]> wrote: > Thanks for your response. I guess this Common Criteria option won't do me > much good.
Well, consider that even with z/VM 5.1, no one is content to run with just RSU 1 and a few other required PTFs, even though that is the evaluated configuration. So it is the spirit of the evaluation that is most important, not the letter. The z/VM Secure Configuration Guide can be applied to most any modern z/VM release that has RACF. > Just one more question: You said v5.2 won't be evaluated for Common > Criteria certification? Do you know why? Is it maybe a cost issue, where > its too expensive to do it every release, possibly considering the demand > (or lack thereof) in the VM community for the certification? If so, do you > have a guideline for how often you expect to apply? Otherwise, can you > tell me the reason? Given the lifetime of a z/VM release these days (3 years), it's important to have certifications to apply to as much of that 3 years as possible. To get aligned with that goal, it was necessary to skip z/VM 5.2. As to customer requirements for this function, it's kind of like my question a couple of months ago about the need for tape encryption - the response was cooler than I would have expected considering all the stories in the news these days. Go figure. We will continue to certify future releases of z/VM as long as there is value in doing so. There's no guarantee that all releases will be certified, of course. Each time we do it, we reevaluate the business case. Alan Altmark Lead Security Weasel z/VM Development IBM Endicott
