and microcode design will support almost all of the past Cryptographic functions that were provided on the zSeries 800 and 900 via the CMOS Cryptographic Coprocessor (CCF) and the PCI Cryptographic Coprocessor (PCICC). At the system software level the
The zSeries cryptography is further advanced with the introduction of the Cryptographic Assist Architecture implemented on every z890 and z990 processor (CPU). With enhanced scalability and data rates the z890 and z990 processor is designed to provide a set of symmetric cryptographic functions, synchronously executed, which enormously enhance the performance of the en/decrypt function of SSL, VPN
900.As these crypto functions are implemented in each and every CPU the affi nity problem of
The Trusted Key Entry (TKE) 4.1 code level workstation is an optional feature that can provide a basic key man- agement system and Operational Key Entry support. The key management system allows an authorized person
a method for key identifi cation, exchange, separation, update, backup, and management. The TKE workstation and 4.0 code level are designed to provide a
zSeries Security Certification
Cryptography
•z890/z990 PCIXCC:
–Designed for FIPS
•Logical Partitions
–z900 and z800 servers are the fi rst and only to receive Common Criteria certifi cation at EAL5
•Operating Systems Common Criteria Certifi cation
–SUSE LINUX on zSeries
–SUSE SLES 8 has been certifi ed at Controlled Access Protection Profi le (CAPP) EAL3+
•z/OS 1.6
–z/OS 1.6 is under evaluation for Controlled Access Protection Profi le (CAPP) EAL3+ and Labeled Security Protection Profi le (LSPP) EAL3+
•z/VM
–IBM has applied for Common Criteria Controlled (ISO/IEC 15408) certifi cation of z/VM V5.1 with the RACF® for z/VM optional feature against the Con- trolled Access Protection Profi le (CAPP) and the Labeled Security Protection Profi le (LSPP), both at the EAL3+ assurance level
34