U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #3937

Details

Module Name
IBM® z/OS® Version 2 Release 4 System SSL Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
5/25/2026
Overall Level
1
Caveat
When operated in FIPS mode with modules IBM(R) z/OS(R) Version 2 Release 4 Security Server RACF(R) Signature Verification Module validated to FIPS 140-2 under Cert. #2691 and IBM(R) z/OS(R) Version 2 Release 4 ICSF PKCS #11 Cryptographic Module validated to FIPS 140-2 under Cert. #3924 operating in FIPS mode
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Software-Hybrid
Embodiment
Multi-Chip Stand Alone
Description
z/OS® System SSL provides a rich set of C based application programming interfaces that allow applications to protect data using the SSL/TLS protocols and through PKCS#7 cryptographic messages. z/OS System SSL also enables applications to create and manage X.509 V3 certificates and keys within key database files and PKCS#11 tokens.
Tested Configuration(s)
  • IBM z/OS Version 2 Release 4 running on an IBM z15 with CP Assist for Cryptographic Functions
  • IBM z/OS Version 2 Release 4 running on an IBM z15 with CP Assist for Cryptographic Functions with CEX7A (single-user mode)
FIPS Algorithms
AES Certs. #A389, #C1772, #C1801 and #C1803
CVL Certs. #C1772, #C1799, #C1801 and #C1803
DRBG Cert. #C1772
DSA Certs. #C1801 and #C1803
ECDSA Cert. #C1772
HMAC Certs. #C1801 and #C1803
KTS AES Cert. #C1772; key establishment methodology provides 128 or 256 bits of encryption strength
KTS AES Certs. #C1801 and #C1803 and HMAC Certs. #C1801 and #C1803; key establishment methodology provides 128 or 256 bits of encryption strength
KTS Triple-DES Certs. #C1801 and #C1803 and HMAC Certs. #C1801 and #C1803; key establishment methodology provides 112 bits of encryption strength
RSA Certs. #C1766, #C1772, #C1799, #C1801 and #C1803
SHS Certs. #A389, #C1801 and #C1803
Triple-DES Certs. #A389, #C1801 and #C1803
Allowed Algorithms
Diffie-Hellman (CVL Certs. #C1772 and #C1799 with CVL Certs. #C1801 and #C1803, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C1772 with CVL Certs. #C1801 and #C1803, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 149 bits of encryption strength)
Hardware Versions
COP chips integrated within processor unit
Software Versions
HCPT440/JCPT441 with APAR OA59268
Firmware Versions
Feature 3863 (aka FC3863) with System Driver Level 41C

Vendor

IBM Corporation
2455 South Road
Poughkeepsie, NY 12601-5400
USA

John Monti
jmonti@us.ibm.com
Phone: 845-435-4164
 Alyson Comer
comera@us.ibm.com
Phone: 607-429-4309

Related Files

Security Policy
Consolidated Certificate

Validation History

Date Type Lab
5/26/2021 Initial ATSEC INFORMATION SECURITY CORP