U.S. flag   An unofficial archive of your favorite United States government website

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #3557

Details

Module Name
IBM® z/OS® Version 2 Release 3 System SSL Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
10/24/2024
Validation Dates
10/25/2019
Overall Level
1
Caveat
When operated in FIPS mode with modules IBM(R) z/OS(R) Version 2 Release 3 Security Server RACF(R) Signature Verification Module validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode and IBM(R) z/OS(R) Version 2 Release 3 ICSF PKCS #11 Cryptographic Module validated to FIPS 140-2 under Cert. #3555 operating in FIPS mode
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Software-Hybrid
Embodiment
Multi-Chip Stand Alone
Description
z/OS® System SSL provides a rich set of C based application programming interfaces that allow applications to protect data using the SSL/TLS protocols and through PKCS#7 cryptographic messages. z/OS System SSL also enables applications to create and manage X.509 V3 certificates and keys within key database files and PKCS#11 tokens.
Tested Configuration(s)
  • IBM z/OS Version 2 Release 3 running on an IBM z14 with CP Assist for Cryptographic Functions
  • IBM z/OS Version 2 Release 3 running on an IBM z14 with CP Assist for Cryptographic Functions with CEX5A
  • IBM z/OS Version 2 Release 3 running on an IBM z14 with CP Assist for Cryptographic Functions with CEX6A (single-user mode)
FIPS Algorithms
AES Certs. #C79, #C424, #C540 and #C541
CVL Certs. #C424, #C507, #C508, #C540 and #C541
DRBG Cert. #C436
DSA Certs. #C540 and #C541
ECDSA Cert. #C424
HMAC Certs. #C540 and #C541
RSA Certs. #C219, #C424, #C507, #C508, #C540 and #C541
SHS Certs. #C79, #C540 and #C541
Triple-DES Certs. #C79, #C540 and #C541
Allowed Algorithms
Diffie-Hellman (CVL Certs. #C424, #C507 and #C508 with CVL Certs. #C540 and #C541, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C424 with CVL Certs. #C540 and #C541, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC-MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Hardware Versions
COP chips integrated within processor unit
Software Versions
HCPT430/JCPT431 with APAR OA57026
Firmware Versions
Feature 3863 (aka FC3863) with System Driver Level 32L

Vendor

IBM Corporation
2455 South Road
Poughkeepsie, NY 12601-5400
USA

John Monti
jmonti@us.ibm.com
Phone: 845-435-4164
 Alyson Comer
comera@us.ibm.com
Phone: 607-429-4309

Related Files

Security Policy
Consolidated Certificate

Lab

ATSEC INFORMATION SECURITY CORP
NVLAP Code: 200658-0