IBM Cloud Object Storage System’s™ FIPS Cryptographic Module

Certificate #4404

Webpage information ?

Status active
Validation dates 04.01.2023 , 05.06.2024
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat None
Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Description Cryptographic module used for IBM’s Cloud Object Storage system components
Tested configurations
  • ClevOS 3.16 FIPS running on IBM A10 Series with Intel Xeon 6230N with PAA
  • ClevOS 3.16 FIPS running on IBM A10 Series with Intel Xeon 6230N without PAA
  • ClevOS 3.16 FIPS running on PIO-628U-TR4T+-ST031 with Intel Xeon E5-2620 with PAA
  • ClevOS 3.16 FIPS running on PIO-628U-TR4T+-ST031 with Intel Xeon E5-2620 without PAA (single-user mode)
  • ClevOS 3.16 FIPS running on PIO-648R-E1CR36L+-ST031 with Intel Xeon E5-2620 with PAA
  • ClevOS 3.16 FIPS running on PIO-648R-E1CR36L+-ST031 with Intel Xeon E5-2620 without PAA
Vendor IBM Corporation
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-256, AES-, TDEA, HMAC, HMAC-SHA-256, CMAC, CBC-MAC
Asymmetric Algorithms
ECDSA, ECC, Diffie-Hellman, DH, DSA
Hash functions
SHA-1, SHA-256, SHA-512, SHA-2, SHA3-256, SHA3-384, SHA3-512, SHA-3, SHA3, PBKDF
Schemes
Key Agreement
Protocols
SSH, TLS, TLSv1.2
Randomness
DRBG, RNG
Libraries
OpenSSL
Elliptic Curves
P-224, P-256, P-384, P-521
Block cipher modes
ECB, CBC, CTR, GCM, CCM

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS 180-4, FIPS 186-4, FIPS 197, FIPS 198-1, FIPS 198, FIPS 186-2, FIPS 202, SP 800-38B, SP 800-38C, SP 800-38D, SP 800-56A, SP 800-89, SP 800-90B, SP 800-131A, SP 180-135, SP 800-132, SP 800-107, SP 800-135, SP 800-52, NIST SP 800-38D, PKCS 1, RFC 5288

File metadata

Title Storage Pool Expansion Guide
Author IBM
Creation date D:20240530163911-04'00'
Modification date D:20240530163911-04'00'
Pages 25
Creator Microsoft® Word 2016
Producer Microsoft® Word 2016

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 04.07.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The validation_history property was updated, with the [[1, {'_type': 'sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry', 'date': '2024-06-05', 'validation_type': 'Update', 'lab': 'GOSSAMER SECURITY SOLUTIONS INC'}]] values inserted.

    The PDF extraction data was updated.

    • The policy_metadata property was updated, with the {'pdf_file_size_bytes': 1070986, 'pdf_number_of_pages': 25, '/CreationDate': "D:20240530163911-04'00'", '/ModDate': "D:20240530163911-04'00'"} data.

    The state was updated.

    • The policy_pdf_hash property was set to ed04a2d8f9387787c5babb6ea177da8ffa8e1e6c1ad3d0c14fe24727c6049384.
    • The policy_txt_hash property was set to b161d48efdb4bb112f7d979c4be778dc06167e324ed7993004d3a6d92076d6bb.
  • 09.02.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4404,
  "dgst": "3b96c7da8a601e35",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KAS-SSC#A2467",
        "CVL#A2467",
        "SHA-3#A2467",
        "AES#A2467",
        "RSA#A2467",
        "SHS#A2467",
        "PBKDF#A2467",
        "DRBG#A2466",
        "HMAC#A2467",
        "ECDSA#A2467",
        "DRBG#A2467",
        "DSA#A2467",
        "SHS#A2466"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDSA": {
            "ECDSA": 10
          }
        },
        "FF": {
          "DH": {
            "DH": 3,
            "Diffie-Hellman": 4
          },
          "DSA": {
            "DSA": 11
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CCM": {
          "CCM": 5
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 1
        },
        "GCM": {
          "GCM": 12
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 1
        }
      },
      "crypto_protocol": {
        "SSH": {
          "SSH": 6
        },
        "TLS": {
          "TLS": {
            "TLS": 9,
            "TLSv1.2": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 3
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 16,
          "P-256": 16,
          "P-384": 12,
          "P-521": 14
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1,
          "#2466": 2
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES (256": 3,
          "AES 256": 1,
          "AES-256": 1,
          "HMAC-SHA- 256": 2,
          "HMAC-SHA-256": 6,
          "PKCS 1": 2,
          "SHA- 1": 1,
          "SHA-1": 7,
          "SHA-2": 2,
          "SHA-2 (256": 2,
          "SHA-256": 2,
          "SHA-3": 1,
          "SHA-512": 1,
          "SHA2- 384": 1,
          "SHA2-256": 5,
          "SHA2-384": 4,
          "SHA2-512": 9,
          "SHA3-(256": 1,
          "SHA3-256": 3,
          "SHA3-384": 3,
          "SHA3-512": 3,
          "SHS Cert. #2466": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2,
          "level 1": 2
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF": 5
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 7
          },
          "SHA2": {
            "SHA-2": 4,
            "SHA-256": 2,
            "SHA-512": 1
          },
          "SHA3": {
            "SHA-3": 1,
            "SHA3": 1,
            "SHA3-256": 3,
            "SHA3-384": 3,
            "SHA3-512": 3
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 16
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 35,
          "FIPS 180-4": 3,
          "FIPS 186-2": 1,
          "FIPS 186-4": 6,
          "FIPS 197": 2,
          "FIPS 198": 1,
          "FIPS 198-1": 2,
          "FIPS 202": 1
        },
        "NIST": {
          "NIST SP 800-38D": 2,
          "SP 180-135": 1,
          "SP 800-107": 1,
          "SP 800-131A": 1,
          "SP 800-132": 1,
          "SP 800-135": 2,
          "SP 800-38B": 2,
          "SP 800-38C": 2,
          "SP 800-38D": 2,
          "SP 800-52": 1,
          "SP 800-56A": 1,
          "SP 800-89": 1,
          "SP 800-90B": 2
        },
        "PKCS": {
          "PKCS 1": 1
        },
        "RFC": {
          "RFC 5288": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 16,
            "AES-": 1,
            "AES-256": 1
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1
          }
        },
        "constructions": {
          "MAC": {
            "CBC-MAC": 2,
            "CMAC": 8,
            "HMAC": 9,
            "HMAC-SHA-256": 3
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "IBM",
      "/CreationDate": "D:20240530163911-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word 2016",
      "/ModDate": "D:20240530163911-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word 2016",
      "/Title": "Storage Pool Expansion Guide",
      "pdf_file_size_bytes": 1070986,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://csrc.nist.gov/publications/detail/sp/800-90b/final",
          "http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf",
          "mailto:[email protected]",
          "http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Arev1.pdf",
          "http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf",
          "http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
          "http://www.iups.org/media/meeting_minutes/C.pdf",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program",
          "mailto:[email protected]",
          "http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf",
          "http://csrc.nist.gov/groups/STM/cavp/documents/rng/931rngext.pdf",
          "http://csrc.nist.gov/publications/nistpubs/800-89/SP-800-89_November2006.pdf",
          "http://csrc.nist.gov/publications/nistpubs/800-67-Rev1/SP-800-67-Rev1.pdf",
          "http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf",
          "http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
          "http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf",
          "http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 25
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "ed04a2d8f9387787c5babb6ea177da8ffa8e1e6c1ad3d0c14fe24727c6049384",
    "policy_txt_hash": "b161d48efdb4bb112f7d979c4be778dc06167e324ed7993004d3a6d92076d6bb"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "None",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/January 2023_010223_0657_signed.pdf",
    "date_sunset": "2026-09-21",
    "description": "Cryptographic module used for IBM\u2019s Cloud Object Storage system components",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "IBM Cloud Object Storage System\u2019s\u2122 FIPS Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "2.0",
    "tested_conf": [
      "ClevOS 3.16 FIPS running on IBM A10 Series with Intel Xeon 6230N with PAA",
      "ClevOS 3.16 FIPS running on IBM A10 Series with Intel Xeon 6230N without PAA",
      "ClevOS 3.16 FIPS running on PIO-628U-TR4T+-ST031 with Intel Xeon E5-2620 with PAA",
      "ClevOS 3.16 FIPS running on PIO-628U-TR4T+-ST031 with Intel Xeon E5-2620 without PAA (single-user mode)",
      "ClevOS 3.16 FIPS running on PIO-648R-E1CR36L+-ST031 with Intel Xeon E5-2620 with PAA",
      "ClevOS 3.16 FIPS running on PIO-648R-E1CR36L+-ST031 with Intel Xeon E5-2620 without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-01-04",
        "lab": "GOSSAMER SECURITY SOLUTIONS INC",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-06-05",
        "lab": "GOSSAMER SECURITY SOLUTIONS INC",
        "validation_type": "Update"
      }
    ],
    "vendor": "IBM Corporation",
    "vendor_url": "http://www.ibm.com"
  }
}