Start of change

Common Criteria

Common Criteria is a scheme for independent assessment, analysis, and testing of IT products to a set of security requirements. The Common Criteria Scheme provides consumers with an impartial security assurance of a product to predefined levels. These levels range from EAL0 to EAL7, each assurance level places increased demands on the developer for evidence of testing, and provides increased assurance within the product.

IBM WebSphere Business Integration Message Broker Version 5.0 with Fix Pack 4, has been evaluated to Common Criteria EAL3 augmented with ALC_FLR.2. This provides assurance that the product has been methodically tested and checked.

The certificate awarded to WebSphere Business Integration Message Broker is recognized internationally by the following countries: United Kingdom, United States, Canada, Australia, New Zealand, France, Germany, Finland, Greece, Israel, Italy, Netherlands, Norway, Spain, Sweden and Switzerland.

You can find further information on the Common Criteria scheme at http://www.cesg.gov.uk.

Environmental considerations

In order that WebSphere Business Integration Message Broker operates in accordance with its Common Criteria certificate, the environmental requirements defined in this section need to be met.
  • There must be one or more competent individuals that are assigned to manage WebSphere Business Integration Message Broker and the security of the information that it contains. Such personnel are assumed not to be careless, willfully negligent or hostile.
  • The operating system must be configured in accordance with the manufacturer’s installation guides and where applicable, in its evaluated configuration. It must be securely configured such that the operating system protects WebSphere Business Integration Message Broker from any unauthorized users or processes.
The following operating systems are supported within the evaluation:
  • AIX 5.1 (with maintenance level 3)
  • AIX 5.2 (with maintenance level 2)
  • HP-UX 11.11 (with December 2002 Quality Pack)
  • SuSE Linux Enterprise Server 8 (for Linux Intel)
  • RedHat Enterprise Linux AS 3.0 (for Linux Intel)
  • Sun Solaris 2.8 (with the SunSolve recommended patch level)
  • Microsoft Windows 2000 (this includes all combinations of Advanced Server and Server with SP4 and hotfixes)
  • Microsoft Windows 2003 (this includes all combinations of Standard and Enterprise with recommended Service Pack and hotfixes)

WebSphere Business Integration Message Broker relies on the operating system to provide user/group ID’s and time/date information.

Although the password rules are defined by the operating system, in order that WebSphere Business Integration Message Broker operates in accordance with its Common Criteria certificate, the following additional rules must be followed for all users created on the machine:
  • Passwords must be equal to or greater than 8 characters in length (maximum 255 characters in length).
  • Passwords must contain at least one non-alpha numeric character.
  • Passwords must contain a numeric character at the beginning or end of the string.
  • Passwords must not contain words found in the dictionary or information specific to a particular individual, such as a registration number plate.
  • An expiry time must be defined for all user IDs after which a new password must be set. The default should be 30 days
Any machine accessing WebSphere Business Integration Message Broker sessions or logins must be password protected and adhere to the password rules defined above. It is also important to ensure that no active sessions are left unattended.

It is assumed that appropriate physical security is provided within the domain for the value of the IT assets protected and the value of the stored, processed, and transmitted information.

For proof of origin, the application receiving register subscriber, unsubscribe and publish requests from the broker, over WebSphere MQ transport, can check that the UserIdentifier field in the MQMD matches the expected user. For proof of receipt for a message sent to the broker, the application can set the Feedback field within the message descriptor (MQMD) to request that a confirm on delivery report message is generated when the message is delivered. Refer to the WebSphere MQ Application Programming Reference for more information.

For the EAL3 evaluated configuration, the Quality of Protection level must always be set to the highest level of encryption, Encrypted for Privacy.

To ensure that deployment messages are not tampered with between the tooling and Configuration Manager by unauthorized users, these two components need to be on either the same machine (protected with a firewall), or on a private local area network.

The Event Viewer on Windows and the audit log file on the UNIX platforms can be used to identify certain unauthorized operations that users and clients may have attempted to perform. This log (for both Windows and UNIX) relies on operating system protection to ensure that this is not tampered with. Care must be taken to ensure that only permitted users have access to this resource (by following the specific instructions for the given platform). It is recommended that regular backups are made (by exporting or saving the event log for Windows, and copying the log file for UNIX). On some platforms, the audit log automatically deletes events older than 72 hours by default; this can be disabled within the operating system. For example on Windows, this can be disabled by selecting Properties in the Application log within the Event viewer and selecting Do not overwrite events (clear log manually). Care must be taken when selecting this option to ensure that sufficient space is available to store events.

Related concepts
Security overview
Related tasks
Planning for security when you install WebSphere Business Integration Message Broker


End of change