Common Criteria is a scheme for independent assessment, analysis, and testing of IT products to a set of security requirements. The Common Criteria Scheme provides consumers with an impartial security assurance of a product to predefined levels. These levels range from EAL0 to EAL7; each assurance level places increased demands on the developer for evidence of testing and provides increased assurance within the product.
IBM WebSphere Business Integration Message Broker Version 5.0 with Fix Pack 4 has been evaluated to Common Criteria EAL3 augmented with ALC_FLR.2. This provides assurance that the product has been methodically tested and checked.
The certificate awarded to WebSphere Business Integration Message Broker is recognized internationally by the following countries: United Kingdom, United States, Canada, Australia, New Zealand, France, Germany, Finland, Greece, Israel, Italy, Netherlands, Norway, Spain, Sweden and Switzerland.
You can find further information on the Common Criteria scheme at http://www.cesg.gov.uk.
WebSphere Business Integration Message Broker relies on the operating system to provide user/group IDs and time/date information.
It is assumed that appropriate physical security is provided within the domain for the value of the IT assets protected and the value of the stored, processed, and transmitted information.
For proof of origin, the application receiving register subscriber, unsubscribe and publish requests from the broker, over WebSphere MQ transport, can check that the UserIdentifier field in the message descriptor (MQMD) matches the expected user. For proof of receipt for a message sent to the broker, the application can set the Feedback field within the MQMD to request that a confirm-on-delivery report message is generated when the message is delivered. Refer to the WebSphere MQ Application Programming Reference for more information.
For the EAL3 evaluated configuration, the Quality of Protection level must always be set to the highest level of encryption, Encrypted for Privacy.
To ensure that deployment messages are not tampered with between the tooling and Configuration Manager by unauthorized users, these two components need to be on either the same machine (protected with a firewall), or on a private local area network.
The Event Viewer on Windows and the audit log file on the UNIX platforms can be used to identify certain unauthorized operations that users and clients may have attempted to perform. This log (for both Windows and UNIX) relies on operating system protection to ensure that it is not tampered with. Care must be taken to ensure that only permitted users have access to this resource (by following the specific instructions for the given platform). It is recommended that regular backups are made (by exporting or saving the event log for Windows, and copying the log file for UNIX). On some platforms, the audit log automatically deletes events older than 72 hours by default; this can be disabled within the operating system. For example, on Windows, this can be disabled by selecting Properties in the Application log within the Event Viewer and selecting Do not overwrite events (clear log manually). Care must be taken when selecting this option to ensure that sufficient space is available to store events.
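The Windows steps above as a script, added here as an example and not part of the IBM documentation: it reports whether the Application log is set to not overwrite events, warns when the log is close to its size limit, and exports a backup copy. The backup directory, the 80% threshold and the hash file name are assumptions.

```powershell
# Added example, not IBM code. Run from an elevated PowerShell prompt.
# Assumed values (not from the page): backup directory and warning threshold.
$LogName   = 'Application'
$BackupDir = 'D:\AuditBackups'   # hypothetical location; restrict its ACL
$WarnRatio = 0.8                 # hypothetical: warn at 80% of maximum size

$log = Get-WinEvent -ListLog $LogName

# LogMode 'Retain' is what the Event Viewer option
# "Do not overwrite events (clear log manually)" sets.
# Equivalent command line: wevtutil sl Application /rt:true /ab:false
if ($log.LogMode -ne 'Retain') {
    Write-Warning "$LogName log mode is $($log.LogMode); old events can be overwritten."
}

# In Retain mode a full log stops recording new events, so watch the headroom.
$used = if ($log.FileSize) { $log.FileSize / $log.MaximumSizeInBytes } else { 0 }
if ($log.IsLogFull -or $used -ge $WarnRatio) {
    Write-Warning ("{0} log is at {1:P0} of its {2:N0}-byte limit." -f $LogName, $used, $log.MaximumSizeInBytes)
}

# Export a backup copy and record its hash so later changes to the copy show up.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$dest = Join-Path $BackupDir ("{0}-{1}.evtx" -f $LogName, (Get-Date -Format 'yyyyMMdd-HHmmss'))
wevtutil epl $LogName $dest
if ($LASTEXITCODE -ne 0) { throw "wevtutil export failed with exit code $LASTEXITCODE" }

$hash = Get-FileHash -Path $dest -Algorithm SHA256
"{0}  {1}" -f $hash.Hash, $dest | Add-Content -Path (Join-Path $BackupDir 'SHA256SUMS.txt')
Write-Output "Exported $($log.RecordCount) records to $dest"
```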