International Business Machines Corporation MVS/XA with RACF Version 1. 8
Final evaluation rept.
NATIONAL COMPUTER SECURITY CENTER FORT GEORGE G MEADE MD
Pagination or Media Count:
The security protection provided by the International Business Machines Corporation Multiple Virtual StorageExtended Architecture MVSXA operating system with the Resource Access Control Facility RACF product see page B-1, Appendix B, Evaluated Software Components, configured according to the most secure manner described in the Trusted Facility Manual, running on System370 Extended Architecture XA machines see page A-1, Appendix A, Evaluated Hardware Components has been examined by the National Computer Security Center NCSC. The security features of MVSVA with RACF were evaluated against the requirements specified by the DoD Trusted Computer System Evaluation Criteria the Criteria dated December 1985. The NCSC evaluation team has determined that the highest class at which MVSXA with RACF satisfies all the specified requirements of the Criteria is Class C2 and therefore, using the specified hardware, MVSSP Version 2 Release 2 with RACF Version 1 Release 8 configured in the most secure manner described in the Trusted Facility Manual, has been assigned a class C2 rating. A system that has been rated as being a C division system provides for discretionary protection and, through the inclusion of audit capabilities, accountability of subjects and the actions they initiate. Class C2 systems enforce a finely grained discretionary access control, making users individually accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation.
- Computer Systems Management and Standards