International Business Machines Corporation MVS/XA with RACF Version 1. 8
Abstract
The security protection provided by the International Business Machines Corporation Multiple Virtual Storage/Extended Architecture (MVS/XA) operating system with the Resource Access Control Facility (RACF) product (see page B-1, Appendix B, Evaluated Software Components), configured according to the most secure manner described in the Trusted Facility Manual, running on System/370 Extended Architecture (XA) machines (see page A-1, Appendix A, Evaluated Hardware Components) has been examined by the National Computer Security Center (NCSC). The security features of MVS/VA with RACF were evaluated against the requirements specified by the DoD Trusted Computer System Evaluation Criteria (the Criteria) dated December 1985. The NCSC evaluation team has determined that the highest class at which MVS/XA with RACF satisfies all the specified requirements of the Criteria is Class C2 and therefore, using the specified hardware, MVS/SP Version 2 Release 2 with RACF Version 1 Release 8 configured in the most secure manner described in the Trusted Facility Manual, has been assigned a class C2 rating. A system that has been rated as being a C division system provides for discretionary protection and, through the inclusion of audit capabilities, accountability of subjects and the actions they initiate. Class C2 systems enforce a finely grained discretionary access control, making users individually accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 15, 1988
- Accession Number
- ADA234056
Entities
People
- Cynthia L. Glabus
- Dana N. Stigdon
- Jerzy W. Rub
- Ken B. Elliott Iii
- Michael J. Oehler