Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #1672

Details

Module Name
IBM® z/OS® Version 1 Release 13 ICSF PKCS#11 Cryptographic Module
Standard
FIPS 140-2
Status
Historical
 Historical Reason
Moved to historical list due to sunsetting
Validation Dates
2/6/2012
Overall Level
1
Caveat
When operated in FIPS mode
Security Level Exceptions
  • Cryptographic Module Specification: Level 3
Module Type
Software-Hybrid
Embodiment
Multi-chip standalone
Description
The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards.
Tested Configuration(s)
  • IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Accelerator (CEX3A) is a separately configured version of 4765-001 (P/N 45D6048))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode)
FIPS Algorithms
AES Certs. #1713 and #1866
CVL Cert. #9
DRBG Cert. #151
DSA Cert. #584
ECDSA Cert. #261
HMAC Cert. #1112
RSA Certs. #946, #949 and #971
SHS Certs. #1497 and #1641
Triple-DES Certs. #1103 and #1212
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool
Hardware Versions
CPACF (P/N COP) and optional 4765-001 (P/N 45D6048)
Software Versions
ICSF level HCR7780 w/ APAR OA36882 and RACF level HRF7780
Firmware Versions
CPACF (FC3863 w/ System Driver Level 86E) and optional 4765-001 (e1ced7a0)

Vendor

IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

William F Penny
wpenny@us.ibm.com
Phone: 845-435-3010
Fax: 845-433-7510
James Sweeny
jsweeny@us.ibm.com
Phone: 845-435-7453
Fax: 845-435-8530

Lab

atsec
NVLAP Code: 200658-0