CA Mainframe Security Products Await Common Criteria Stamp

CA has announced that three of its mainframe security management software products – CA ACF2 r14, CA Top Secret r14 and CA Compliance Manager for z/OS r1 – are officially in evaluation for EAL4+ certification under the Common Criteria International security standard.

The three CA products have cleared the first, pre-evaluation stage of the certification process and have advanced to the “in evaluation” stage where they will be tested for specific security functionality against a comprehensive set of predetermined requirements. Common Criteria certification is granted when a Common Criteria testing laboratory determines that a product meets a measure of security. The certification addresses product functionality, development environment, documentation and product testing measures.

Common Criteria is recognised by governments in more than 26 countries, including the United States.

Kirk Willis, Vice President of mainframe security management at CA, said, “Through the Common Criteria certification process, our customers will receive the third-party validation they require to take advantage of the unique capabilities these solutions offer.”

CA ACF2 and CA Top Secret provide access control for IBM z/OS resources across operating systems, subsystems, third-party software and databases, which includes externalised security controls for CICS, DB2, UNIX System Services (USS) and IMS. They enable organisations to monitor and adjust their security policies and accommodate virtually all organisational structures.

CA Compliance Manager for z/OS is a platform-resident solution that provides real-time policy management of security and compliance events across the z/OS environment and mainframe security subsystems. It consolidates real-time and historical monitoring of select system events and security events to safeguard IT environments. CA ACF2 and CA Top Secret also work with CA Compliance Manager to provide a single view of compliance for the mainframe.

All three solutions are part of CA’s Mainframe 2.0 initiative, which is simplifying mainframe ownership and facilitating the generational shift in mainframe management staffs.