We are an unofficial archive; replace .rip with .gov in the URL to access the official website.

Cryptographic Module Validation Program CMVP

Certificate #3919

Details

Module Name
IBM® z/OS® Version 2 Release 4 System SSL Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
5/2/2026
Validation Dates
05/03/2021
Overall Level
1
Caveat
When operated in FIPS mode with modules IBM(R) z/OS(R) Version 2 Release 4 Security Server RACF(R) Signature Verification Module validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode and IBM(R) z/OS(R) Version 2 Release 4 ICSF PKCS #11 Cryptographic Module validated to FIPS 140-2 under Cert. #3909 operating in FIPS mode
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Software-Hybrid
Embodiment
Multi-Chip Stand Alone
Description
z/OS® System SSL provides a rich set of C based application programming interfaces that allow applications to protect data using the SSL/TLS protocols and through PKCS#7 cryptographic messages. z/OS System SSL also enables applications to create and manage X.509 V3 certificates and keys within key database files and PKCS#11 tokens.
Tested Configuration(s)
  • IBM z/OS Version 2 Release 4 running on an IBM z14 with CP Assist for Cryptographic Functions
  • IBM z/OS Version 2 Release 4 running on an IBM z14 with CP Assist for Cryptographic Functions with CEX6A (single-user mode)
FIPS Algorithms
AES Certs. #C79, #C1635, #C1664 and #C1665
CVL Certs. #C1635, #C1637, #C1664 and #C1665
DRBG Cert. #C1633
DSA Certs. #C1664 and #C1665
ECDSA Cert. #C1635
HMAC Certs. #C1664 and #C1665
KTS AES Cert. #C1635; key establishment methodology provides 128 or 256 bits of encryption strength
KTS AES Certs. #C1664 and #C1665 and HMAC Certs. #C1664 and #C1665; key establishment methodology provides 128 or 256 bits of encryption strength
KTS Triple-DES Certs. #C1664 and #C1665 and HMAC Certs. #C1664 and #C1665; key establishment methodology provides 112 bits of encryption strength
RSA Certs. #C1634, #C1635, #C1637, #C1664 and #C1665
SHS Certs. #C79, #C1664 and #C1665
Triple-DES Certs. #C79, #C1664 and #C1665
Allowed Algorithms
Diffie-Hellman (CVL Certs. #C1635 and #C1637 with CVL Certs. #C1664 and #C1665, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C1635 with CVL Certs. #C1664 and #C1665, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Hardware Versions
COP chips integrated within processor unit
Software Versions
HCPT440/JCPT441 with APAR OA59268
Firmware Versions
Feature 3863 (aka FC3863) with System Driver Level 32L

Vendor

IBM Corporation
2455 South Road
Poughkeepsie, NY 12601-5400
USA

John Monti
jmonti@us.ibm.com
Phone: 845-435-4164
Alyson Comer
comera@us.ibm.com
Phone: 607-429-4309

Lab

ATSEC INFORMATION SECURITY CORP
NVLAP Code: 200658-0