Certificate 1600 - IBM z/OS Version 1 Release 12 System SSL Cryptographic Module
intCertNum 1600
strVendorName IBM Corporation
strURL http://www.IBM.com
strAddress1 2455 South Road
strAddress2
strAddress3
strCity Poughkeepsie
strStateProv NY
strPostalCode 12601
strCountry 12601
strContact William F Penny
strEmail wpenny@us.ibm.com
strPhone 845-435-3010
strFax
strContact2
strEmail2
strFax2
strPhone2
intCertNum 1600
strModuleName IBM z/OS Version 1 Release 12 System SSL Cryptographic Module
strPartNumber Hardware Versions: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)];
Firmware Version: 4765-001 (e1ced7a0);
Software Versions: System SSL level HCPT3C0/JCPT3C1 w/ APAR OA34156, RACF level HRF7770 and ICSF level HCR7770 w/ APAR OA34205
memModuleNotes When operated in FIPS mode
str140Version 140-2
_sp_ Security Policy   [pdf][html][txt]
_cert_ Certificate   [pdf]
strPURL
strModuleType Software-Hybrid
strValidationDate 09/08/2011
intOverallLevel 1
memIndividualLevelNotes -Cryptographic Module Specification: Level 3;;;-Operational Environment: Tested as meeting Level 1 with IBM zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS V1R12] (single-user mode)
strFIPSAlgorithms AES (Certs. #1702, #1703 and #1713);
Triple-DES (Certs. #1093, #1094 and #1103);
DSA (Certs. #526 and #527);
RSA (Certs. #831, #832, #844, #845 and #846);
SHS (Certs. #1485, #1486 and #1497);
HMAC (Certs. #986 and #987);
RNG (Certs. #901 and #902)
strOtherAlgorithms Diffie-Hellman (key agreement: key establishment methodology provides 112 bits of encryption strength);
RSA (key wrapping;
key establishment methodology provides between 112 and 150 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
DES;
RC2;
ArcFour;
MD5;
MD2;
ECDSA (non-compliant)
strConfiguration Multi-chip standalone
memModuleDescription System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions.
intModuleCount 1
memAdditionalNotes
strFirstValidtionDate 09/08/11 00:00:00
strLabName atsec
strValidationYear 2011