CA Technologies' Mainframe Security Management products have met the requirements of Common Criteria, an independent security certification recognized by governments in more than 26 countries, including the United States.
CA ACF2 r14 SP1 for z/OS and CA Top Secret r14 SP1 for z/OS received Common Criteria Evaluation Assurance Level 4+ from the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS). The CCEVS certification standards address product functionality, development environment, documentation and product testing.
"CA ACF2 and CA Top Secret are widely used by enterprise level customers, both government and commercial customers, and it's incumbent on us to be diligent in keeping the products current with the most rigorous global security standards," Mark Combs, distinguished senior vice president, mainframe at CA Technologies, tells 5 Minute Briefing. "We continue to focus on providing the highest quality in these mission-critical security products and conforming with the Common Criteria standards set by the National Information Assurance Partnership - which brings together the public and private sectors to help organizations select commercial off-the-shelf information technology products that meet their security requirements."
Both evaluations were done in Booz Allen Hamilton's Common Criteria Testing Laboratory (CCTL). The Booz Allen Hamilton lab is one of only nine U.S.-based CCTLs approved by NIAP and meets the Common Criteria Evaluation and Validation Scheme. The Booz Allen CCTL conducts IT security evaluations for conformance to the Common Criteria for Information Technology Security Evaluation, International Standard ISO/IEC 18045:2005.
CA ACF2 and CA Top Secret provide comprehensive access control for IBM z/OS resources across operating systems, subsystems, third-party software and databases, which includes externalized security controls for UNIX System Services (USS) as well as CICS DB2, and IMS transaction and database management subsystems. Both CA ACF2 and CA Top Secret enable customers to monitor and adjust their security policies, accommodating virtually all organizational structures.
Detailed information on CA ACF2 evaluation and validation is available.
Detailed information on CA Top Secret evaluation and validation is available.