FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) FIPS 140-2 Non-Proprietary Security Policy IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Document Version 1.10 February 12, 2016 Prepared For: Prepared By: IBM Security SafeLogic Inc. 6303 Barfield Road 530 Lytton Avenue, Ste. 200 Atlanta, GA 30328 Palo Alto, CA 94301 www.ibm.com www.safelogic.com Document Version 1.10 © IBM Security Page 1 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Abstract This document provides a non-proprietary FIPS 140-2 Security Policy for the SiteProtector System Cryptographic Module (Version 3.1.1). Table of Contents 1 Introduction .................................................................................................................................................... 4 1.1 About FIPS 140-2 .............................................................................................................................................4 1.2 About this Document .......................................................................................................................................4 1.3 External Resources...........................................................................................................................................4 1.4 Notices .............................................................................................................................................................4 1.5 Acronyms .........................................................................................................................................................5 2 IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) ...................................................... 6 2.1 Product Overview ............................................................................................................................................6 2.2 Cryptographic Module Specification................................................................................................................6 2.3 Validation Level Detail .....................................................................................................................................7 2.4 Cryptographic Algorithms ................................................................................................................................7 2.4.1 Algorithm Implementation Certificates ...................................................................................................7 2.4.2 Non-Approved Algorithms .......................................................................................................................9 2.5 Module Interfaces............................................................................................................................................9 2.6 Roles, Services, and Authentication ...............................................................................................................11 2.6.1 Operator Services and Descriptions .......................................................................................................11 2.6.2 Module API .............................................................................................................................................15 2.6.3 Operator Authentication ........................................................................................................................19 2.7 Physical Security ............................................................................................................................................19 2.8 Operational Environment ..............................................................................................................................20 2.9 Cryptographic Key Management ...................................................................................................................21 2.10 Self-Tests .....................................................................................................................................................27 2.10.1 Power-On Self-Tests .............................................................................................................................27 2.10.2 Conditional Self-Tests...........................................................................................................................28 2.11 Mitigation of Other Attacks .........................................................................................................................29 3 Guidance and Secure Operation .................................................................................................................... 31 3.1 Crypto Officer Guidance ................................................................................................................................31 3.1.1 Software Packaging ................................................................................................................................31 3.1.2 Enabling FIPS Mode................................................................................................................................31 3.1.3 Additional Rules of Operation ................................................................................................................32 3.2 User Guidance ...............................................................................................................................................33 3.2.1 General Guidance...................................................................................................................................33 Document Version 1.10 © IBM Security Page 2 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) List of Tables Table 1 – Acronyms and Terms......................................................................................................................................5 Table 2 – Validation Level by DTR Section .....................................................................................................................7 Table 3 – Algorithm Certificates (GSKit) ........................................................................................................................9 Table 4 – Logical Interface / Physical Interface Mapping ............................................................................................11 Table 5 – Module Services and Descriptions and CSP access ......................................................................................11 Table 6 - Key Zeroization API .......................................................................................................................................15 Table 7 – Module Keys/CSPs........................................................................................................................................25 List of Figures Figure 1 – Module Interfaces Diagram ........................................................................................................................10 Document Version 1.10 © IBM Security Page 3 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) 1 Introduction 1.1 About FIPS 140-2 Federal Information Processing Standards Publication 140-2 — Security Requirements for Cryptographic Modules specifies requirements for cryptographic modules to be deployed in a Sensitive but Unclassified environment. The National Institute of Standards and Technology (NIST), Communications Security Establishment (CSE) and Cryptographic Module Validation Program (CMVP) runs the FIPS 140-2 program. The CMVP accredits independent testing labs to perform FIPS 140 testing; the CMVP also validates test reports for modules meeting FIPS 140-2 validation. Validated is the term given to a product that is documented and tested against the FIPS 140-2 criteria. More information is available on the CMVP website at http://csrc.nist.gov/groups/STM/cmvp/index.html. 1.2 About this Document This non-proprietary Cryptographic Module Security Policy for the SiteProtector System Cryptographic Module (Version 3.1.1) from IBM Security provides an overview of the product and a high-level description of how it meets the security requirements of FIPS 140-2. This document contains details on the module’s cryptographic keys and critical security parameters. This Security Policy concludes with instructions and guidance on running the module in a FIPS 140-2 mode of operation. The IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) may also be referred to as the “module” in this document. 1.3 External Resources The IBM Security website (http://www.ibm.com) contains information on the full line of products from IBM Security, including a detailed overview of the SiteProtector System Cryptographic Module (Version 3.1.1) solution. The Cryptographic Module Validation Program website (http://csrc.nist.gov/groups/STM/cmvp/) contains links to the FIPS 140-2 certificate and IBM Security contact information. 1.4 Notices This document may be freely reproduced and distributed in its entirety without modification. Document Version 1.10 © IBM Security Page 4 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) 1.5 Acronyms The following table defines acronyms found in this document: Acronym Term AES Advanced Encryption Standard CBC Cipher Block Chaining CSE Communications Security Establishment CSP Critical Security Parameter DTR Derived Testing Requirement ECDSA Elliptic Curve Digital Signature Algorithm FIPS Federal Information Processing Standard GPC General Purpose Computer GPOS General Purpose Operating System GSKit IBM Global Security Kit GUI Graphical User Interface HMAC Hashed Message Authentication Code IBM International Business Machines ISS Internet Security Systems KAT Known Answer Test NIST National Institute of Standards and Technology RSA Rivest Shamir Adelman SHA Secure Hashing Algorithm Table 1 – Acronyms and Terms Document Version 1.10 © IBM Security Page 5 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) 2 IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) 2.1 Product Overview SiteProtector (http://www-03.ibm.com/software/products/en/site-protector-system) is a centralized management system that unifies management and analysis for network, server, and desktop protection agents and small networks or appliances. The SiteProtector is used as the central controlling point for IBM ISS appliances deployed on the network. The SiteProtector performs the following functionality: Manages and monitors Sensors and SiteProtector sub-components; • Enables an administrator to view configuration data of an appliance supported by SiteProtector; • Displays audit and system data records; and • Monitors the network connection between SiteProtector and the Sensors it is configured to • monitor. 2.2 Cryptographic Module Specification The module is the IBM Security SiteProtector System Cryptographic Module (Version 3.1.1), provides the SiteProtector application with the means to encrypt management session to a managed Sensor. The module is a software-only module installed on a multi-chip standalone device, such as a General Purpose Computer running a General Purpose Operating System and provides cryptographic services to the IBM Security SiteProtector application. The module is a uniquely identifiable library that is linked into the SiteProtector application. All operations of the module occur via calls from the SiteProtector application, which occur only when an operator is successfully authenticated to the host operating system. As such there are no untrusted services or daemons calling the services of the module. No security functions outside the cryptographic module provide FIPS-relevant functionality to the module. The module is comprised of the following files: \ISS\SiteProtector\Agent Manager\agentmgr.dll • \ISS\SiteProtector\Agent Manager\issSessionConfigSvcs5.dll • \ISS\SiteProtector\Application Server\webserver\IHS\bin\issSessionConfigSvcs5.dll • \ISS\SiteProtector\Application Server\webserver\IHS\modules\mod_ibm_ssl.so • \ISS\SiteProtector\Event Collector\issSessionConfigSvcs5.dll • \ISS\SiteProtector\FIPS Service\FipsService.exe • \ISS\SiteProtector\Application Server\webserver\IHS\gsk8 • \ISS\SiteProtector\GSK\8.0.50.51 • Document Version 1.10 © IBM Security Page 6 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) This module provides no non-FIPS approved mode of operation, and there is only one FIPS approved mode of operation. Although the module requires no further configuration or compilation, the procedures in the Guidance and Secure Operation must be followed. 2.3 Validation Level Detail The following table lists the level of validation for each area in FIPS 140-2: FIPS 140-2 Section Title Validation Level Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services, and Authentication 2 Finite State Model 1 Physical Security N/A Operational Environment 1 Cryptographic Key Management 1 Electromagnetic Interference / Electromagnetic Compatibility 1 Self-Tests 1 Design Assurance 2 Mitigation of Other Attacks N/A Overall Validation Level 1 Table 2 – Validation Level by DTR Section The “Mitigation of Other Attacks” section is not relevant as the module does not implement any countermeasures towards special attacks. 2.4 Cryptographic Algorithms 2.4.1 Algorithm Implementation Certificates The module’s cryptographic algorithm implementations have received the following certificate numbers from the Cryptographic Algorithm Validation Program: Algorithm CAVP Certificate Use 1676 Sign / verify RSA Key 186-4KEY(gen) operations Generation (2048 or 3072 bits) Key transport RSA PKCS#1.5 Signature (2048 or 3072 bits) Generation (SHA-224,SHA-256,SHA- 384,SHA-512) Document Version 1.10 © IBM Security Page 7 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) RSA PKCS#1.5 (1024, 2048, Signature 3072 bits) Verification (SHA-1,SHA-224,SHA- 256,SHA-384,SHA-512) ECDSA KeyPair P: 224, 256, 384, 521 632 Sign / verify Generation K: 233, 283, 409, 571 operations B: 233, 283, 409, 571 ECDSA PKV P: 192, 224, 256, 384, 521 K: 163, 233, 283, 409, 571 B: 163, 233, 283, 409, 571 ECDSA P: 224, 256, 384, 521 Signature K: 233, 283, 409, 571 Generation B: 233, 283, 409, 571 ECDSA P: 192, 224, 256, 384, 521 Signature K: 163, 233, 283, 409, 571 Verification B: 163, 233, 283, 409, 571 ECC CDH P: 224, 256, 384, 521 462 Cofactor Diffie- Component Hellman Primitive (SP800-56A) SHA message SHA-1, SHA-224, SHA-256, 2717 Message digest in digest SHA-384, SHA-512 TLS sessions generation Module integrity via SHA-1 HMAC HMAC-SHA-1, HMAC-SHA- 2076 Message 224, HMAC-SHA-256, verification HMAC-SHA-384, HMAC- SHA-512 AES AES-128-CMAC, AES-192- 3279 Data encryption / CMAC, AES-256-CMAC, decryption ECB, CBC, CFB1, CFB8, CFB128 & OFB AES_CCM 128, 192,or 256 bit keys (SP800-38C) AES_GCM 128, 192,or 256 bit keys (FIPS 197, SP800- 38D) AES_XTS 128, 256 bit keys (FIPS SP800-38E) 1 1 AES XTS mode was CAVS validated but not implemented within the module. Document Version 1.10 © IBM Security Page 8 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Triple-DES Triple-DES 192-bit keys in 1866 Data encryption / ECB, CBC, CFB64, and OFB decryption mode, CMAC DRBG 800- HMAC_DRBG (SHA-1, SHA- 737 DRBG 90A 224, SHA-256, SHA-384, SHA-512), HASH_DRBG (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512), CTR_DRBG (AES-128- ECB, AES- 192-ECB, AES-256- ECB) Table 3 – Algorithm Certificates (GSKit) 2.4.2 Non-Approved Algorithms The module implements the following Non-Approved Algorithms: True Random Number Generator (TRNG), a non-deterministic RNG (NDRNG) used to seed the • DRBG. RSA (key wrapping; key establishment methodology provides 112 or 128 bits of • encryption strength). Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 • bits of encryption strength) EC Diffie-Hellman (CVL Cert. #462, key agreement; key establishment methodology • provides between 128 and 256 bits of encryption strength) 2.5 Module Interfaces The figure below shows the module’s physical and logical block diagram: Document Version 1.10 © IBM Security Page 9 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Figure 1 – Module Interfaces Diagram The interfaces (ports) for the physical boundary include the computer keyboard port, CDROM drive, floppy disk, mouse, network port, parallel port, USB ports, monitor port and power plug. When operational, the module does not transmit any information across these physical ports because it is a software cryptographic module. Therefore, the module’s interfaces are purely logical and are provided through the Application Programming Interface (API) that a calling daemon can operate. The logical interfaces expose services that applications directly call, and the API provides functions that may be called by a referencing application (see Section 2.6 – Roles, Services, and Authentication for the list of available functions). The API provided by the module is mapped onto the FIPS 140- 2 logical interfaces: data input, data output, control input, and status output. Each of the FIPS 140- 2 logical interfaces relates to the module's callable interface, as follows: FIPS 140-2 Interface Logical Interface Module Physical Interface Data Input Input parameters of API function Ethernet/Network port calls Data Output Output parameters of API function Ethernet/Network port calls Control Input API function calls Keyboard and mouse Document Version 1.10 © IBM Security Page 10 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Status Output Uses the API function Monitor ICC_GetStatus that provides information about the status of the module and returns true or false. Either state is logged. The function is called once the context of the module has been obtained. Power None Power supply/connector Table 4 – Logical Interface / Physical Interface Mapping The module’s logical interfaces are provided only through the Application Programming Interface (API) that a calling daemon can operate. The module distinguishes between logical interfaces by logically separating the information according to the defined API. As shown in Figure 1 – Module Interfaces Diagram and Table 5 – Module Services and Descriptions , the output data path is provided by the data interfaces and is logically disconnected from processes performing key generation or zeroization. No key information will be output through the data output interface when the module zeroizes keys. 2.6 Roles, Services, and Authentication The module supports a Crypto Officer and a User role. The Crypto Officer (i.e., a human operator) can initialize and configure the module while the User role (i.e., SiteProtector) can only access the services of the module. The module does not support a Maintenance role. 2.6.1 Operator Services and Descriptions Service Notes Modes CAVP Keys and CSPs Roles Access Type Symmetric Algorithms AES encryption & 128, 192,or 256-bit keys CBC,ECB, CFB1, 3279 AES Symmetric Crypto Read/Write decryption (FIPS 197) CFB8, CFB128, key Officer Encrypt/Decrypt OFB User (with and without hardware support) Triple-DES 192-bit (of which 168 CBC, ECB, 1866 Triple-DES Crypto Read/Write encryption & bits are key bits and the CFB64, OFB Symmetric key Officer decryption rest are parity bits) keys User (SP 800-67) Encrypt/Decrypt Public Key Algorithms ECDSA KeyPair P: 224, 256, 384, 521 N/A 632 ECDSA public and Crypto Write Generation K: 233, 283, 409, 571 private key Officer B: 233, 283, 409, 571 User Document Version 1.10 © IBM Security Page 11 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Service Notes Modes CAVP Keys and CSPs Roles Access Type ECDSA PKV P: 192, 224, 256, 384, N/A 632 ECDSA key Crypto Write 521 material Officer K: 163, 233, 283, 409, User 571 ECDSA Signature P: 224, 256, 384, 521 N/A 632 ECDSA private Crypto Read Generation K: 233, 283, 409, 571 key Officer B: 233, 283, 409, 571 User ECDSA Signature P: 192, 224, 256, 384, N/A 632 ECDSA public key Crypto Read Verification 521 Officer K: 163, 233, 283, 409, User 571 B: 163, 233, 283, 409, 571 RSA Key 186-4KEY(gen) N/A 1676 RSA public and Crypto Write Generation (2048 or 3072 bits) private key Officer User RSA Signature PKCS#1.5 N/A 1676 RSA private key Crypto Read Generation (2048 or 3072 bits) Officer (SHA-224,SHA-256,SHA- User 384,SHA-512) (with and without hardware support) RSA Signature PKCS#1.5 (1024, 2048, N/A 1676 RSA public key Crypto Read Verification 3072 bits) Officer (SHA-1,SHA-224,SHA- User 256,SHA-384,SHA-512) (with and without hardware support) RSA Key Wrapping Encrypt / Decrypt N/A 1676 RSA public and Crypto Read (2048, 3072 bits) private key Officer Allowed to be used in User FIPS mode Diffie-Hellman 2048 or 4096 bit Key agreement N/A DH public and Crypto Read/Write (DH) modulus and Key private key Officer Allowed to be used in Generation User FIPS mode EC Diffie-Hellman P: 224, 256, 384, 521 Key agreement (ECC CDH ECDH public and Crypto Read/Write (ECDH) (SP 800-56A) and Key compone private key Officer Generation nt test User #462) Hash Functions Document Version 1.10 © IBM Security Page 12 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Service Notes Modes CAVP Keys and CSPs Roles Access Type SHA-1 message FIPS 180-4 N/A 2717 None Crypto N/A digest generation (not valid for signature Officer generation) User SHA-224, SHA- FIPS 180-4, SHA-2 N/A 2717 None Crypto N/A 256, SHA-384, algorithms Officer SHA-512 message (with and without User digest generation hardware support) Message Authentication Codes (MACs) HMAC-SHA-1, FIPS 198, 198-1 N/A 2076 HMAC-SHA-1 key, Crypto Write HMAC-SHA-224, (with and without Officer HMAC-SHA-224 HMAC-SHA-256, hardware support) key, HMAC-SHA- User HMAC-SHA-384, 256 key, HMAC- HMAC-SHA-512 SHA-384 key, HMAC-SHA-512 key Encryption Functions AES-128-CMAC, 128, 192, or 256 bit N/A 3279 CMAC-AES-128 Crypto Write AES-192-CMAC, keys (FIPS 197) key, CMAC-AES- Officer AES-256-CMAC Encrypt/Decrypt 192 key, User (with and without CMAC-AES-256 hardware support) key Triple-DES CMAC 192-bit keys (FIPS 197) CBC 1866 CMAC-Triple-DES Crypto Write (CMAC with three key (192-bit) Officer key Triple-DES) User AES_CCM 128, 192,or 256 bit keys N/A 3279 AES_CCM key Crypto Write (SP800-38C) Officer (with and without User hardware support) AES_GCM 128, 192,or 256 bit keys N/A 3279 AES_GCM key Crypto Write (FIPS 197, SP800-38D) Officer (with and without User hardware support) Random Bit Generator Document Version 1.10 © IBM Security Page 13 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Service Notes Modes CAVP Keys and CSPs Roles Access Type DRBG 800-90A SP 800-90A HMAC_DRBG 737 Seed Write Crypto (with and without (SHA-1, SHA- Officer hardware support). 224, SHA-256, User SHA-384, SHA- 512), HASH_DRBG (SHA-1, SHA- 224, SHA-256, SHA-384, SHA- 512), CTR_DRBG (AES-128-ECB, AES-192-ECB, AES-256-ECB) FIPS 140-2 Functions Configure Initializes the module N/A N/A None Crypto Execute for FIPS mode of Officer operation Self-Test Performs self-tests on N/A N/A None Crypto Execute critical functions of Officer module. Run during startup and periodically during operations to prevent any secure data from being released and to ensure all components are functioning correctly Show Status Shows status of the N/A N/A None Execute Crypto module Officer User Zeroization Zeroizes keys. N/A N/A None Crypto Execute Ephemeral CSPs are Officer zeroized by the RAM clearing processes, and static CSPs are zeroized by uninstalling the module and formatting the hard drive Table 5 – Module Services and Descriptions and CSP access Document Version 1.10 © IBM Security Page 14 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Secret keys, public/private keys, and CSPs are protected from unauthorized disclosure, unauthorized modification, and unauthorized substitution because only authorized users are allowed access to the GPOS and SiteProtector application. The SiteProtector application ensures that no keys or CSPs leave the physical boundary of the module in plaintext. The module does not output intermediate key values, nor does it generate keys with non-Approved key generation methods. Ephemeral CSPs are zeroized by the RAM clearing processes, and static CSPs are zeroized by uninstalling the module and formatting the hard drive. All keys and CSPs are stored in memory, and zeroization has been implemented to ensure no traces are left of any CSPs upon termination of the service using the CSP. Zeroization has been implemented by overwriting the allocated memory buffer with zeros before freeing the memory to other uses. Any service using a CSP will zeroize the CSP upon normal termination and when transitioning into error states. Zeroization is initiated by terminating the process and powering off the module. Zeroization will complete before any other malicious command could compromise the keys currently being zeroized because the module will not process additional commands until it finishes executing the current command. Key zeroization services are performed via the following API functions: Key Zeroization Services API functions Clean up memory locations used by low-level ICC_BN_clear_free() ICC_BN_CTX_free() arithmetic functions Clean up symmetric cipher context ICC_EVP_CIPHER_CTX_free() Clean up RSA context ICC_RSA_free() Clean up Diffie-Hellman context ICC_DH_free() Clean up asymmetric key contexts ICC_EVP_PKEY_free() Clean up HMAC context ICC_HMAC_CTX_free() Clean up ECDSA and ECDH contexts ICC_EC_KEY_free() Clean up CMAC context ICC_CMAC_CTX_free() Clean up AES-GCM context ICC_AES_GCM_CTX_free() Clean up RNG context ICC_RNG_CTX_free() Table 6 - Key Zeroization API It is the calling application’s responsibility to appropriately utilize the provided zeroization methods (i.e. API functions) as listed in the table above to clean up involved cryptographic contexts before they are released. 2.6.2 Module API The following list enumerates the API functions supported. Functions marked with (CO) are crypto officer functions. Document Version 1.10 © IBM Security Page 15 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) • • ICC_EC_GROUP_set_asn1_flag ICC_EVP_CIPHER_CTX_free • • ICC_EVP_CIPHER_CTX_flags ICC_EVP_CIPHER_CTX_init • • ICC_EVP_CIPHER_CTX_set_flags ICC_EVP_CIPHER_CTX_cleanup • • ICC_GetStatus ICC_EVP_CIPHER_CTX_set_key_length • • ICC_Init (CO) ICC_EVP_CIPHER_CTX_set_padding • • ICC_SetValue (CO) ICC_EVP_CIPHER_block_size • • ICC_GetValue ICC_EVP_CIPHER_key_length • • ICC_Attach (CO) ICC_EVP_CIPHER_iv_length • • ICC_Cleanup ICC_EVP_CIPHER_type • • ICC_SelfTest ICC_EVP_CIPHER_CTX_cipher • • ICC_GenerateRandomSeed ICC_DES_random_key • • ICC_OBJ_nid2sn ICC_DES_set_odd_parity • • ICC_EVP_get_digestbyname ICC_EVP_EncryptInit • • ICC_EVP_get_cipherbyname ICC_EVP_EncryptUpdate • • ICC_EVP_MD_CTX_new ICC_EVP_EncryptFinal • • ICC_EVP_MD_CTX_free ICC_EVP_DecryptInit • • ICC_EVP_MD_CTX_init ICC_EVP_DecryptUpdate • • ICC_EVP_MD_CTX_cleanup ICC_EVP_DecryptFinal • • ICC_EVP_MD_CTX_copy ICC_EVP_OpenInit • • ICC_EVP_MD_type ICC_EVP_OpenUpdate • • ICC_EVP_MD_size ICC_EVP_OpenFinal • • ICC_EVP_MD_block_size ICC_EVP_SealInit • • ICC_EVP_MD_CTX_md ICC_EVP_SealUpdate • • ICC_EVP_Digestinit ICC_EVP_SealFinal • • ICC_EVP_DigestUpdate ICC_EVP_SignInit • • ICC_EVP_DigestFinal ICC_EVP_SignUpdate • • ICC_EVP_CIPHER_CTX_new ICC_EVP_SignFinal Document Version 1.10 © IBM Security Page 16 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) • • ICC_EVP_VerifyInit ICC_RSA_public_decrypt • • ICC_EVP_VerifyUpdate ICC_i2d_RSAPrivateKey • • ICC_EVP_VerifyFinal ICC_i2d_RSAPublicKey • • ICC_EVP_ENCODE_CTX_new ICC_d2i_PrivateKey • • ICC_EVP_ENCODE_CTX_free ICC_d2i_PublicKey • • ICC_EVP_EncodeInit ICC_EVP_PKEY_set1_DH • • ICC_EVP_EncodeUpdate ICC_EVP_PKEY_get1_DH • • ICC_EVP_EncodeFinal ICC_DH_new • • ICC_EVP_DecodeInit ICC_DH_new_generate_key • • ICC_EVP_DecodeUpdate ICC_DH_ check • • ICC_EVP_DecodeFinal ICC_DH_free • • ICC_RAND_bytes ICC_DH_size • • ICC_RAND_seed ICC_DH_compute_key • • ICC_EVP_PKEY_decrypt ICC_DH_generate_parameters • • ICC_EVP_PKEY_encrypt ICC_DH_get_PublicKey • • ICC_EVP_PKEY_new ICC_id2_DHparams • • ICC_EVP_PKEY_free ICC_d2i_DHparams • • ICC_EVP_PKEY_size ICC_RSA_size • • ICC_RSA_new ICC_BN_CTX_new • • ICC_RSA_generate_key ICC_BN_CTX_free • • ICC_RSA_check_key ICC_BN_mod_exp • • ICC_EVP_PKEY_set1_RSA ICC_HMAC_CTX_new • • ICC_EVP_PKEY_get1_RSA ICC_HMAC_CTX_free • • ICC_RSA_free ICC_HMAC_Init • • ICC_RSA_private_encrypt ICC_HMAC_Update • • ICC_RSA_private_decrypt ICC_HMAC_Final • • ICC_RSA_public_encrypt ICC_BN_div Document Version 1.10 © IBM Security Page 17 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) • • ICC_ECDSA_SIG_new ICC_AES_CCM_Encrypt • • ICC_ECDSA_SIG_free ICC_AES_CCM_Decrypt • • ICC_i2d_ECDSA_SIG ICC_get_RNGbyname • • ICC_d2i_ECDSA_SIG ICC_RNG_CTX_new • • ICC_ECDSA_sign ICC_RNG_CTX_free • • ICC_ECDSA_verify ICC_RNG_CTX_Init • • ICC_ECDSA_size ICC_RNG_Generate • • ICC_EVP_PKEY_set1_EC_KEY ICC_RNG_ReSeed • • ICC_EVP_PKEY_get1_EC_KEY ICC_RNG_CTX_ctrl • • ICC_EC_KEY_new_by_curve_name ICC_RSA_sign • • ICC_EC_KEY_new ICC_RSA_verify • • ICC_EC_KEY_free ICC_EC_GROUP_get_degree • • ICC_EC_KEY_generate_key ICC_EC_GROUP_get_curve_GFp • • ICC_EC_KEY_get0_group ICC_EC_GROUP_get_curve_GF2m • • ICC_EC_METHOD_get_field_type ICC_EC_GROUP_get0_generator • • ICC_EC_GROUP_method_of ICC_i2o_ECPublicKey • • ICC_EC_POINT_new ICC_o2i_ECPublicKey • • ICC_EC_POINT_free ICC_BN_cmp • • ICC_EC_POINT_get_affine_coordinates_G ICC_BN_add Fp • ICC_BN_sub • ICC_EC_POINT_set_affine_coordinates_G • Fp ICC_BN_mod_mul • • ICC_EC_POINT_get_affine_coordinates_G ICC_EVP_PKCS82PKEY F2m • ICC_EVP_PKEY2PKCS8 • ICC_AES_GCM_DecryptUpdate • ICC_PKCS8_PRIV_KEY_INFO_free • ICC_AES_GCM_EncryptFinal • ICC_d2i_PKCS8_PRIV_KEY_INFO • ICC_AES_GCM_DecryptFinal • ICC_i2d_PKCS8_PRIV_KEY_INFO • ICC_AES_GCM_GenerateIV_NIST • ICC_d2i_ECPKParameters • ICC_GHASH Document Version 1.10 © IBM Security Page 18 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) • • ICC_i2d_ECPKParameters ICC_OPENSSL_cpuid • • ICC_EC_GROUP_free ICC_EVP_CIPHER_CTX_flags • • ICC_EC_KEY_set_group ICC_EVP_CIPHER_CTX_set_flags • • ICC_EC_KEY_dup ICC_OPENSSL_HW_rand • • ICC_RSA_X931_derive_ex ICC_OPENSSL_rdtscX • • ICC_Init ICC_EVP_CIPHER_CTX_copy • • ICC_EC_GROUP_set_asn1_flag ICC_BN_is_prime_fasttest_ex • ICC_OPENSSL_cpuid_override 2.6.3 Operator Authentication Operators authenticate to the module via the Microsoft Windows Server 2012 R2 (General Purpose Operating System), which implements a username/password authentication mechanism and enforces operator authentication prior to the operator utilizing any system services. Further, the Windows login authentication mechanism required to access the module distinguishes operators that have administrator rights on the computer system. The modules rely on this mechanism to distinguish an operator between the two supported roles. The module itself does not contain authentication data. The GPOS will allow an operator to change roles only if the User knows the Crypto Officer password and vice versa. The operating system is responsible for ensuring previous authentication data is cleared upon powering off of the module. Passwords for the Crypto-Officer and User role must be a minimum of 8 characters (see Secure Operation section of this document). The password can consist of alphanumeric values, a-z A-Z 0- 9, yielding 62 choices per character. The probability of a successful random attempt is 1/628, which is less than 1/1,000,000. The GPOS module will lock an account after 5 failed authentication attempts; thus, the maximum number of attempts in one minute is 5. Therefore, the probability of a success with multiple consecutive attempts in a one minute period is 5/628 which is less than 1/100,000. 2.7 Physical Security This section of requirements does not apply to this module. The module is a software-only module and does not implement any physical security mechanisms. Document Version 1.10 © IBM Security Page 19 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) 2.8 Operational Environment The cryptographic module were tested and validated on the following hardware platform: Intel Core i7-2600 @ 3.4GHz (1-CPU / 4-core) • The module runs on Microsoft Windows Server 2012 R2 Standard (Single-user mode), Version 6.3. The module’s software is entirely encapsulated by the cryptographic boundary (shown in Figure 1). The GPC(s) used during testing are assumed to have met Federal Communications Commission (FCC) FCC Electromagnetic Interference (EMI) and Electromagnetic Compatibility (EMC) requirements for business use as defined by 47 Code of Federal Regulations, Part15, Subpart B. Document Version 1.10 © IBM Security Page 20 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) 2.9 Cryptographic Key Management The table below provides a complete list of Critical Security Parameters used within the module: Key/CSP Name Description / Use Generation Storage Establishment / Export Interface Privileges Storage: RAM plaintext Agreement: Via secure AES Session AES 128, 192, 256 Internal generation at Decrypt Crypto Key encryption & installation by DRBG TLS tunnel Officer Encrypt Type: Ephemeral decryption of Entry: NA management traffic RWD Association: The system is the User Output: NA one and only owner. Relationship is maintained by RWD the operating system via protected memory. Storage: RAM plaintext Agreement: Via secure Triple-DES Triple-DES 192 Internal generation at Decrypt Crypto Session Key encryption & installation by DRBG TLS tunnel Officer Encrypt Type: Ephemeral decryption Entry: NA of management traffic RWD Association: The system is the User Output: NA one and only owner. Relationship is maintained by RWD the operating system via protected memory. Storage: RAM plaintext Agreement: NA HMAC key HMAC-SHA-1, HMAC- Internal generation at Establish Session Crypto SHA-224, HMAC-SHA- installation by DRBG Officer Type: Ephemeral Entry: NA 256, HMAC-SHA-384, HMAC-SHA-512 for RWD Association: The system is the Output: None message verification User one and only owner. Relationship is maintained by RWD the operating system via Document Version 1.10 © IBM Security Page 21 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) protected memory. Storage: on disk/obfuscated Agreement: NA Crypto Officer Alphanumeric Not generated by the Configure Crypto Password passwords externally module; defined by the Officer Type: Static Entry: Manual entry generated by a human human user of the RWD user for workstation via operating system User Association: controlled by the authentication to the None Output: NA operating system. operating system Storage: on disk/obfuscated Agreement: NA User Password Alphanumeric Not generated by the Configure Crypto passwords externally module; defined by the Officer Type: Static Entry: Manual entry generated by a human human user of the D user for workstation via operating system User Association: controlled by the authentication to the RW Output: NA operating system. operating system Storage: RAM plaintext Agreement: NA DRBG Seed Key 256-bit value to seed Generated internally Establish Session Crypto the FIPS-approved by non-Approved RNG Officer Type: Ephemeral Entry: NA DRBG None User Association: The system is the Output: NA None one and only owner. Relationship is maintained by the operating system via protected memory. Storage: RAM plaintext Agreement: NA Entropy Input Input value for Generated internally Establish Session Crypto String entropy calculation by non-Approved RNG Officer Type: Ephemeral Entry: NA None User Association: The system is the Output: NA None one and only owner. Relationship is maintained by the operating system via protected memory. Document Version 1.10 © IBM Security Page 22 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Storage: RAM plaintext Agreement: NA Hash_DRBG V and C values Generated internally Establish Session Crypto mechanism by non-Approved RNG Officer Type: Ephemeral Entry: NA None User Association: The system is the Output: NA None one and only owner. Relationship is maintained by the operating system via protected memory. Storage: RAM plaintext Agreement: NA HMAC_DRBG V and Key values Generated internally Establish Session Crypto mechanism by non-Approved RNG Officer Type: Ephemeral Entry: NA None User Association: The system is the Output: NA None one and only owner. Relationship is maintained by the operating system via protected memory. Storage: RAM plaintext Agreement: NA CTR_DRBG V and Key values Generated internally Establish Session Crypto mechanism by non-Approved RNG Officer Type: Ephemeral Entry: NA None User Association: The system is the Output: NA None one and only owner. Relationship is maintained by the operating system via protected memory. Document Version 1.10 © IBM Security Page 23 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Storage: RAM plaintext Agreement: NA RSA Private Private asymmetric Internal generation Establish Session Crypto Key key for sign / verify Officer Type: Static Entry: NA operations and RWD key establishment 2 for Association: The system is the Output: Key handle SiteProtector TLS User connections. one and only owner. from API request is R Relationship is maintained by output only to the the operating system via SiteProtector protected memory. application Storage: RAM plaintext Agreement: NA RSA Public Key Public asymmetric key Internal generation Establish Session Crypto for sign / verify Officer Type: Static Entry: NA` operations and RWD key establishment for Association: The system is the Output: Key handle SiteProtector TLS connections one and only owner. from API request is Relationship is maintained by output only to the User Encryption/Decryption the operating system via X509 SiteProtector R of the Premaster certificates. application Secret for entry/output Storage: RAM plaintext Agreement: NA ECDHE Private Private asymmetric Internal generation Establish Session Crypto Key key for key Officer Type: Static Entry: NA establishment 3 for RWD Key establishment methodology provides 112 or 128 bits of encryption strength 2 Key establishment methodology provides 112 or 128 bits of encryption strength 3 Document Version 1.10 © IBM Security Page 24 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) SiteProtector TLS User Association: The system is the Output: Key handle connections. R one and only owner. from API request is Relationship is maintained by output only to the the operating system via SiteProtector protected memory. application Storage: RAM plaintext Agreement: NA ECDHE Public Public asymmetric key Internal generation Establish Session Crypto for key establishment3 Key Officer Type: Static Entry: NA` RWD for SiteProtector TLS User connections. Association: The system is the Output: Key handle R one and only owner. from API request is Encryption/Decryption Relationship is maintained by output only to the of the Premaster the operating system via X509 SiteProtector Secret for certificates. application entry/output R = Read W = Write D = Delete Table 7 – Module Keys/CSPs Secret keys, public/private keys, and CSPs are protected from unauthorized disclosure, unauthorized modification, and unauthorized substitution because only authorized users are allowed access to the GPOS and SiteProtector application. The SiteProtector application ensures that no keys or CSPs leave the physical boundary of the module in plaintext. The module does not output intermediate key values, nor does it generate keys with non-Approved key generation methods. Ephemeral CSPs are zeroized by the RAM clearing processes, and static CSPs are zeroized by uninstalling the module and formatting the hard drive. All keys and CSPs are stored in memory, and zeroization has been implemented to ensure no traces are left of any CSPs upon termination of the service using the CSP. Zeroization has been implemented by overwriting the allocated memory buffer with zeros before freeing the memory to other uses. Any service using a CSP will zeroize the CSP upon normal termination and when transitioning into error states. Zeroization is initiated by terminating the process and powering off the module. Zeroization will complete before any other malicious command could compromise the keys currently being zeroized because the module will not process additional commands until it finishes executing the current command. Document Version 1.10 © IBM Security Page 25 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) The TLS protocol has not been reviewed or tested by the CAVP and CMVP. Please see NIST document SP800-131A for guidance regarding the use of non FIPS-approved algorithms. Document Version 1.10 © IBM Security Page 26 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) 2.10 Self-Tests The module includes an array of self-tests that are run during startup and periodically during operations to prevent any secure data from being released and to ensure all components are functioning correctly. In the event of any self-test failure, the module/SiteProtector application will output an error to the audit log and will shutdown. In addition to self-test failures, successful loading of the module is also logged. To access status of self-tests, success or failure, the application provides access to the audit log. Status is viewable via operating environment’s audit mechanism and by verifying proper loading and operation of the SiteProtector application. While the module is running self-tests, the module will not output data. The SiteProtector application makes calls to the SiteProtector System Cryptographic Module (Version 3.1.1), and data will not be returned until the self-tests complete. No keys or CSPs will be output when the module is in an error state. The module will halt and the process will terminate; as such, no data will be output via the data output interface. Additionally, the module does not support a bypass function, and the module does not allow plaintext cryptographic key components or other unprotected CSPs to be output on physical ports. No external software or firmware is allowed to be loaded in a FIPS mode of operation. The following sections discuss the module’s self-tests in more detail. 2.10.1 Power-On Self-Tests Power-on self-tests are run upon every initialization of the module and if any of the tests fail, the module will not initialize. The module will enter an error state and no services can be accessed by the users. The module implements the following power-on self-tests: Module integrity check for the GSKit cryptographic library is via 2048-bit CAVS-validated RSA • public key (PKCS#1.5) and a single HMAC SHA-1 digest calculated over the module at the time it is created. This RSA public key is stored inside the static stub and relies on the operating system for protection. Self-test and library verification is performed at library load by hooking the shared library’s ‘call on load’ entry points. Module integrity checks for other SiteProtector modules are by digital signature verification • based on a 3072-bit CAVS-validated RSA public key using SHA-256 hashing. The signatures are created when the modules are created by IBM. Signature verification is done by the SiteProtector FIPS service before shared library is loaded. RSA signature generation with 2048 modulus KAT • RSA signature verification with 2048 modulus KAT • • ECDSA pairwise consistency test with P-384 Document Version 1.10 © IBM Security Page 27 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) ECDSA signature verification with P-384 KAT • ECDSA pairwise consistency test with B-233 • ECDSA signature verification with B-233 KAT • ECDSA pairwise consistency test with K-233 • ECDSA signature verification with K-233 KAT • Triple-DES – CBC (separate encrypt and decrypt KATs) • AES 256 – CBC (separate encrypt and decrypt KATs) • AES_GCM (separate encrypt and decrypt KATs) • AES_CCM (separate encrypt and decrypt KATs) • SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 KAT • HMAC: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 KAT • • DRBG 800-90A KAT • RSA encryption with 2048 modulus KAT • RSA decryption with 2048 modulus KAT • Critical functions test - Performed as part of the GPC initialization and operation, e.g. RAM Power-On Self-Test (POST) at boot time, and persistent storage (hard drive) sector check-sum tests The module performs all power-on self-tests automatically when the module is initialized. All power-on self-tests must be passed before a User/Crypto Officer can perform services. The Power-on self-tests can be run on demand by reinitializing the module in FIPS approved Mode of Operation. Upon passing the power-on self-tests, the module will log the success and will continue to boot normally; successful loading of the SiteProtector application will indicate that all self-tests have passed. If a self-test fails, the module will not load and the SiteProtector application will halt. 2.10.2 Conditional Self-Tests Conditional self-tests are on-demand tests and tests run continuously during operation of the module. If any of these tests fail, the module will enter an error state and no services can be accessed by the users. The module can be re-initialized to clear the error and resume FIPS mode of operation. The module performs the following conditional self-tests: Document Version 1.10 © IBM Security Page 28 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Pairwise consistency test for RSA (Signature Generation, Signature Verification, Key Generation, • Key Wrapping) Pairwise consistency test for ECDSA (KeyPair Generation, PKV, Signature Generation, Signature • Verification) DRBG 800-90A 
 • Health Tests compliant with SP 800-90A – Section 11.3. o The DRBG 800-90A generates a minimum of 8 bytes per request. If less than 8 bytes are o requested, the rest of the bytes is discarded and the next request will generate new random data. 
 The first 8 bytes of every request is compared with the last 8 bytes requested, if the o bytes match an error is generated. 
 For the first request made to any instantiation of a DRBG 800-90A, two internal 8 byte o cycles are performed. The DRBG 800-90A relies on the environment (i.e. proper shutdown of the shared o libraries) for resistance to retrospective attacks on data. 
 The DRBG 800-90A performs known answer tests when first instantiated and health o checks at intervals as specified in the standard. 
 True Random Number Generator (TRNG) 
 • A non-deterministic RNG (NDRNG) is used to seed the DRBG. Every time a new seed or n o bytes is required (either to initialize the DRBG, reseed the DRBG periodically or reseed the DRBG by user’s demand), the cryptographic module performs a comparison between the SHA- 256 message digest using the new seed and the previously calculated digest. If the values match, the TRNG generates a new stream of bytes until the continuous DRBG test passes. 
 The module will inhibit data output via the output interface when conditional tests are performed. Once the tests have passed and the keys have been generated, the module will pass the key to the calling daemon. 2.11 Mitigation of Other Attacks The module does not mitigate other attacks. Document Version 1.10 © IBM Security Page 29 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) Document Version 1.10 © IBM Security Page 30 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) 3 Guidance and Secure Operation This section describes how to configure the module for FIPS-approved mode of operation. Operating the module without maintaining the following settings will remove the module from the FIPS-approved mode of operation. 3.1 Crypto Officer Guidance 3.1.1 Software Packaging The module is included with SiteProtector Version 3.1.1 and is available for direct download. The SiteProtector application (and subsequently the module) is to be installed on a Windows Server 2012 R2 (Single-user mode) operating system. 3.1.2 Enabling FIPS Mode To meet the cryptographic security requirements, especially for secure communication, certain restrictions on the installation and use of SiteProtector must be followed. The steps below will ensure that the module implements all required self-tests and uses only approved algorithms. Only the Express install package is supported. Other installation options are not valid. To install SiteProtector, please follow these steps 4: Installation 1. Install the packages on the machine intended to run SiteProtector and in this order: 1) SiteProtectorExpress-Setup.exe 2) EventArchiver-Setup.exe (optional for UCR validation) 3) FIPSService-Setup.exe. 2. All SiteProtector components must be installed on a single hardware / OS platform. The only exception to this rule is that the management Console may be installed and used remotely. 3. The installation must be a new install. Upgrading from a previous version of SiteProtector is not valid. Configure 1. Install the License. A license is required to update SiteProtector components to the latest version. To install the license in the SiteProtector Console: a. Select Tools -> Licenses -> Agent/Module b. Select the Licenses tab (2nd tab) c. Select the Add button. d. Location and select the provided SiteProtector license key. Note that upgrading from a previous Express Install is not supported and a clean install is required. 4 Document Version 1.10 © IBM Security Page 31 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) e. Press the F5 key to refresh the License tab until all licenses display the state "Key Good". f. Select the OK button to close the License dialog. 2. Reboot the machine. 3. Apply the component updates. Several SiteProtector components will display update status of "Out of Date". The component updates should be installed in this order: 1. Database / Product Maintenance 2. Database / Product Features 3. SiteProtector Core (additional database updates may need now appear and requires updating) 4. Event Collector 5. Agent Manager To install an update to a SiteProtector component from the Console, in the Agent view: a. Right-click the component. b. Select Updates -> Apply XPU... c. Select Accept on the license agreement page. d. Select Next on the Schedule Update page. e. Select Finish on the Select XPU page. Note: The X-press Update Server and Event Archiver (optional) will update automatically. When all update statuses show "Current", the component versions should be: - Database 3.1.1.12 (XPU 1.468) [or greater] - Event Collector 3.1.1.2 [or greater] - FIPS Service 3.1.1 [or greater] - SiteProtector Core 3.1.1.2 [or greater] - Security Fusion Module 3.0 [or greater] - Agent Manager 3.1.1.7 [or greater] - X-press Update Server 3.1.1.2 [or greater] - Event Archiver 3.1.1.2 (optional) [or greater] All SiteProtector components must be installed on a single hardware / OS platform. The installation must be a new install. Upgrading from a previous version of SiteProtector is not valid. Remote management is allowed as long as the module implements IBM® Java JCE FIPS 140-2 Cryptographic Module (Software Version: 1.7), FIPS 140-2 Certificate #1993. Optionally, download Console-Setup.exe and install on a different machine than SiteProtector is installed. 3.1.3 Additional Rules of Operation 1. All host system components that can contain sensitive cryptographic data (main memory, system bus, disk storage) must be located in a secure environment. Document Version 1.10 © IBM Security Page 32 of 33 FIPS 140-2 Non-Proprietary Security Policy: IBM Security SiteProtector System Cryptographic Module (Version 3.1.1) 2. The writable memory areas of the Module (data and stack segments) are accessible only by the SiteProtector application so that the Module is in "single user" mode, i.e. only the SiteProtector application has access to that instance of the Module. 3. The operating system is responsible for multitasking operations so that other processes cannot access the address space of the process containing the Module. 3.2 User Guidance 3.2.1 General Guidance The User must configure and enforce the following initialization procedures in order to operate in FIPS approved mode of operation: the end user of the operating system is responsible for zeroizing CSPs by via wipe/secure delete procedures. Document Version 1.10 © IBM Security Page 33 of 33