This page was not yet optimized for use on mobile
devices.
IBM® z/OS® Version 2 Release 4 ICSF PKCS #11 Cryptographic Module
Certificate #3909
Webpage information
Security policy
Symmetric Algorithms
AES, DES, Triple-DES, ChaCha20, Poly1305, HMACAsymmetric Algorithms
ECDSA, Diffie-Hellman, DH, DSAHash functions
SHA-1, SHA1, SHA-224, SHA-384, SHA-256, SHA-512, SHA2, MD5Schemes
MACProtocols
TLSRandomness
TRNG, DRBG, RNGElliptic Curves
P-224, P-256, P-384, P-521, P-192, Curve P-192, curve P-192, Curve25519Block cipher modes
ECB, CBC, CTR, GCMSecurity level
Level 1Certification process
out of scope, is running. Any firmware loaded into this module that is not shown on the module’s certificate is out of scope of this validation, and requires a separate FIPS 140-2 validation. 9.2 Module Configuration forStandards
FIPS 140-2, FIPS140-2, FIPS 186-4, FIPS 186-2, FIPS 180-4, FIPS 198-1, FIPS 197, FIPS186-4, SP 800-38F, SP 800-56A, SP 800-38D, SP 800-90A, SP 800-107, SP 800-133, SP 800-38A, SP 800-67, NIST SP 800-131A, SP 800-131A, NIST SP 800-90A, PKCS #11, PKCS#1, PKCS #1, PKCS#11, PKCS11, RFC 2104File metadata
| Title | ICSF-v2r4-Security-Policy-v1.4 |
|---|---|
| Author | Dick Sikkema |
| Creation date | D:20210406232918Z00'00' |
| Modification date | D:20210406232918Z00'00' |
| Pages | 42 |
| Creator | Word |
| Producer | macOS Version 10.14.6 (Build 18G8012) Quartz PDFContext |
References
Outgoing- 2691 - active - IBM® z/OS® Version 2 Release 1 Security Server RACF® Signature Verification Module [1], IBM® z/OS® Version 2 Release 2 Security Server RACF® Signature Verification Module [2], IBM® z/OS® Version 2 Release 3 Security Server RACF® Signature Verification Module [3] and IBM® z/OS® Version 2 Release 4 Security Server RACF® Signature Verification Module [4][5]
- 3919 - historical - IBM® z/OS® Version 2 Release 4 System SSL Cryptographic Module
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3909,
"dgst": "5c2e13bb6c475cb7",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"CVL#C1635",
"Triple-DES#C79",
"SHS#C1635",
"KTS#C79",
"KTS#C1635",
"RSA#C1634",
"CVL#C1637",
"RSA#C1635",
"DSA#C1635",
"RSA#C1637",
"HMAC#C1635",
"AES#C1635",
"AES#C79",
"DRBG#C1633",
"SHS#C79",
"DRBG#C1635",
"ECDSA#C1635"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"6.0.8"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"3919"
]
},
"directly_referencing": {
"_type": "Set",
"elements": [
"2691"
]
},
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"3919"
]
},
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2691"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"2691"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"3919"
]
},
"directly_referencing": {
"_type": "Set",
"elements": [
"2691"
]
},
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"3919"
]
},
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2691"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"2691"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDSA": {
"ECDSA": 15
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 23
},
"DSA": {
"DSA": 23
}
}
},
"certification_process": {
"OutOfScope": {
"is running. Any firmware loaded into this module that is not shown on the module\u2019s certificate is out of scope of this validation, and requires a separate FIPS 140-2 validation. 9.2 Module Configuration for": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 7
},
"CTR": {
"CTR": 6
},
"ECB": {
"ECB": 6
},
"GCM": {
"GCM": 6
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"TLS": {
"TLS": {
"TLS": 2
}
}
},
"crypto_scheme": {
"MAC": {
"MAC": 2
}
},
"device_model": {},
"ecc_curve": {
"Curve": {
"Curve25519": 1
},
"NIST": {
"Curve P-192": 2,
"P-192": 7,
"P-224": 8,
"P-256": 10,
"P-384": 8,
"P-521": 8,
"curve P-192": 1
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 9,
"#11": 157,
"#2691": 1
}
},
"fips_certlike": {
"Certlike": {
"HMAC-SHA2": 2,
"PKCS #1": 16,
"PKCS #11": 314,
"PKCS#1": 4,
"PKCS#11": 4,
"PKCS11": 4,
"RSA PKCS #1": 2,
"SHA- 384": 1,
"SHA-1": 7,
"SHA-224": 6,
"SHA-256": 8,
"SHA-384": 5,
"SHA-512": 12,
"SHA1": 1,
"SHA2": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 4
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 2
}
},
"SHA": {
"SHA1": {
"SHA-1": 7,
"SHA1": 1
},
"SHA2": {
"SHA-224": 8,
"SHA-256": 6,
"SHA-384": 7,
"SHA-512": 10,
"SHA2": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 21
},
"RNG": {
"RNG": 1
},
"TRNG": {
"TRNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 27,
"FIPS 180-4": 2,
"FIPS 186-2": 4,
"FIPS 186-4": 20,
"FIPS 197": 2,
"FIPS 198-1": 2,
"FIPS140-2": 2,
"FIPS186-4": 1
},
"NIST": {
"NIST SP 800-131A": 4,
"NIST SP 800-90A": 1,
"SP 800-107": 1,
"SP 800-131A": 8,
"SP 800-133": 1,
"SP 800-38A": 3,
"SP 800-38D": 2,
"SP 800-38F": 3,
"SP 800-56A": 4,
"SP 800-67": 2,
"SP 800-90A": 2
},
"PKCS": {
"PKCS #1": 9,
"PKCS #11": 157,
"PKCS#1": 2,
"PKCS#11": 2,
"PKCS11": 2
},
"RFC": {
"RFC 2104": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 38
}
},
"DES": {
"3DES": {
"Triple-DES": 13
},
"DES": {
"DES": 1
}
},
"constructions": {
"MAC": {
"HMAC": 16
}
},
"djb": {
"ChaCha": {
"ChaCha20": 1
},
"Poly": {
"Poly1305": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/AAPL:Keywords": "[]",
"/Author": "Dick Sikkema",
"/CreationDate": "D:20210406232918Z00\u002700\u0027",
"/Creator": "Word",
"/Keywords": "",
"/ModDate": "D:20210406232918Z00\u002700\u0027",
"/Producer": "macOS Version 10.14.6 (Build 18G8012) Quartz PDFContext",
"/Subject": "",
"/Title": "ICSF-v2r4-Security-Policy-v1.4",
"pdf_file_size_bytes": 888562,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 42
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "7763946f01fb42b113d7f2709b98360f16d8a3c9c5b68b1fbe77ef795093c941",
"policy_txt_hash": "d454627a0212549d00668b6668aeb04c552d47c19972e58e6441e1c41707c1c6"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode with module IBM(R) z/OS(R) Version 2 Release 4 Security Server RACF(R) Signature Verification Module validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/April 2021_030521_0757_signed.pdf",
"date_sunset": null,
"description": "ICSF is a software element of z/OS that works with hardware cryptographic features and the Security Server (RACF) to provide secure, high-speed cryptographic services in the z/OS environment. ICSF, which runs as a started task, provides the application programming interfaces by which applications request the cryptographic services.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Mitigation of Other Attacks: N/A"
],
"fw_versions": "Feature 3863 (aka FC3863) with System Driver Level 32L [1], and Feature 3863 (aka FC3863) with System Driver Level 32L and CCA 6.0.8z [2]",
"historical_reason": "SP 800-56Arev3 transition",
"hw_versions": "COP chips integrated within processor unit [1] and COP chips integrated within processor unit and P/N 01PP167 [2]",
"level": 1,
"mentioned_certs": {
"2691": 1
},
"module_name": "IBM\u00ae z/OS\u00ae Version 2 Release 4 ICSF PKCS #11 Cryptographic Module",
"module_type": "Software-Hybrid",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": "ICSF level HCR77D0 with APAR OA58593",
"tested_conf": [
"IBM z/OS Version 2 Release 4 running on an IBM z14 with CP Assist for Cryptographic Functions [1]",
"IBM z/OS Version 2 Release 4 running on an IBM z14 with CP Assist for Cryptographic Functions with CEX6A [2] (single-user mode)"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2021-04-26",
"lab": "atsec information security corporation",
"validation_type": "Initial"
}
],
"vendor": "IBM Corporation",
"vendor_url": "http://www.ibm.com"
}
}