| intCertNum |
1470 |
| strVendorName |
IBM Corporation |
| strURL |
http://www.ibm.com |
| strAddress1 |
12 - 14 Marine Parade |
| strAddress2 |
Seabank Centre |
| strAddress3 |
|
| strCity |
Southport |
| strStateProv |
QLD |
| strPostalCode |
4215 |
| strCountry |
4215 |
| strContact |
William F Penny |
| strEmail |
wpenny@us.ibm.com |
| strPhone |
845-435-3010 |
| strFax |
845-433-7510 |
| strContact2 |
James Sweeny |
| strEmail2 |
jsweeny@us.ibm.com |
| strFax2 |
845-435-8530 |
| strPhone2 |
845-435-7453 |
| intCertNum |
1470 |
| strModuleName |
IBM z/OS Version 1 Release 11 ICSF PKCS#11 Cryptographic Module |
| strPartNumber |
Hardware Versions: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048);
Firmware Versions: CPACF (FC3863 w/ System Driver Level 77) and optional 4765-001 (e1ced7a0);
Software Versions: APAR OA32012 and APAR OA30951 |
| memModuleNotes |
When operated in FIPS mode |
| str140Version |
140-2 |
| _sp_ |
Security Policy [pdf][html][txt] |
| _cert_ |
Certificate [pdf][txt] |
| strPURL |
http://www-03.ibm.com/systems/z/os/zos/ |
| strModuleType |
Software-Hybrid |
| strValidationDate |
12/28/2010;06/01/2011;10/04/2011 |
| intOverallLevel |
1 |
| memIndividualLevelNotes |
-Cryptographic Module Specification: Level 3;;-Operational Environment: Tested as meeting Level 1 with IBM System z10 Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, optional Crypto Express3 Card (Accelerator (CEX3A))] [IBM System z10 Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (aka FC3863) includes FC3863 w/System Driver Level 77 and z/OS V1R11]; (single-user mode) |
| strFIPSAlgorithms |
AES (Certs. #1332 and #976);
Triple-DES (Certs. #931 and #769);
DSA (Cert. #437);
ECDSA (Cert. #171);
RSA (Certs. #644, #645 and #691);
SHS (Certs. #946 and #1218);
HMAC (Cert. #780);
RNG (Cert. #734) |
| strOtherAlgorithms |
Diffie-Hellman (key agreement: key establishment methodology provides 112 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
EC Diffie-Hellman (key agreement: key establishment methodology provides between 112 and 256 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
RSA (key wrapping;
key establishment methodology provides between 112 and 150 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
DES;
Triple-DES (non-compliant);
DSA (non-compliant);
HMAC (non-compliant);
RC4;
BLOWFISH;
MD5;
MD2;
RIPE-MD;
EC Brainpool |
| strConfiguration |
Multi-chip standalone |
| memModuleDescription |
The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards. |
| intModuleCount |
1 |
| memAdditionalNotes |
06/01/11: Updated HW and FW versioning and Operational Environment wording for clarity.
10/4/11: Corrected OE listing as indicated in Security Policy. |
| strFirstValidtionDate |
12/28/10 00:00:00 |
| strLabName |
atsec |
| strValidationYear |
2010 |