The iSeries is arguably one of the finest systems with regard to security. The following is reproduced from the IBM security manuals.

By using security level 50 and following the instructions in the Security – Enabling for C2, SC41-5303-00, you can bring a Version 4 Release 4 iSeries® system to a C2 level of security. C2 is a security standard defined by the U.S. government in the Department of Defense Trusted System Evaluation Criteria (DoD 5200.28.STD). In October, 1995, iSeries formally received a C2 security rating from the United States Department of Defense. The C2 rating is for V2R3 of OS/400, SEU, Query/400, SQL, and Common Cryptographic Architecture Services/400. The C2 rating was awarded after a rigorous, multi-year period of evaluation. iSeries is the first system to achieve a C2 rating for a system (hardware and operating system) with an integrated, full-function database.

In 1999, iSeries received a C2 rating for Version 4 Release 4 of OS/400 (with feature code 1920), SEU, Query/400, SQL, TCP/IP Utilities, Cryptographic Access Provider, and Advanced Series Hardware. A limited set of TCP/IP communication functions between iSeries, attached to a local area network, were included in the evaluation. To achieve a C2 rating, a system must meet strict criteria in the following areas:

  • Discretionary access control
  • User accountability
  • Security auditing
  • Resource isolation