This page was not yet optimized for use on mobile devices.
IBM® z/OS® Version 2 Release 4 ICSF PKCS #11 Cryptographic Module
Certificate #4591
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-, DES, Triple-DES, ChaCha20, Poly1305, HMACAsymmetric Algorithms
ECDSA, ECC, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA1, SHA-224, SHA-384, SHA-256, SHA-512, MD5Schemes
MACProtocols
TLSRandomness
TRNG, DRBG, RNGElliptic Curves
P-224, P-256, P-384, P-521, P-192, Curve P-192, curve P-192, Curve25519Block cipher modes
ECB, CBC, CTR, GCMTrusted Execution Environments
SSCSecurity level
Level 1Certification process
out of scope, is running. Any firmware loaded into this module that is not shown on the module’s certificate is out of scope of this validation, and requires a separate FIPS 140-2 validation. 9.2 Module Configuration forStandards
FIPS 140-2, FIPS140-2, FIPS 186-4, FIPS 186-2, FIPS 180-4, FIPS 198-1, FIPS 197, FIPS186-4, SP 800-38F, SP 800-38D, SP 800-90A, SP 800-107, SP 800-38A, SP 800-67, NIST SP 800-131A, SP 800-131A, NIST SP 800-90A, PKCS #11, PKCS#1, PKCS #1, PKCS#11, PKCS11, RFC 3526, RFC 7919, RFC 2104File metadata
Title | ICSF-v2r4-Security-Policy_v.1.12 |
---|---|
Author | Dick Sikkema |
Creation date | D:20230821205924Z00'00' |
Modification date | D:20230821205924Z00'00' |
Pages | 41 |
Creator | Word |
Producer | macOS Version 11.7.9 (Build 20G1426) Quartz PDFContext |
References
Outgoing- 2691 - active - IBM® z/OS® Version 2 Release 1 Security Server RACF® Signature Verification Module [1], IBM® z/OS® Version 2 Release 2 Security Server RACF® Signature Verification Module [2], IBM® z/OS® Version 2 Release 3 Security Server RACF® Signature Verification Module [3] and IBM® z/OS® Version 2 Release 4 Security Server RACF® Signature Verification Module [4][5]
Heuristics ?
No heuristics are available for this certificate.
References ?
Updates ?
-
01.11.2023 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2023_101023_1100 signed (2).pdf
.
- The certificate_pdf_url property was set to
-
18.09.2023 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4591,
"dgst": "eabee6aaeeceb344",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"DSA#C1772",
"DRBG#C1763",
"RSA#C1799",
"SHS#C1772",
"SHS#A389",
"AES#C1772",
"Triple-DES#A389",
"RSA#C1766",
"AES#A389",
"RSA#C1772",
"KTS#C1772",
"KTS#A389",
"KAS-SSC#A2667",
"ECDSA#C1772",
"DRBG#C1772",
"KAS-SSC#A2666",
"HMAC#C1772"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"7.0.68"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"2691"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2691"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"2691"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"2691"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2691"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"2691"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 1
},
"ECDSA": {
"ECDSA": 14
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 12
},
"DSA": {
"DSA": 21
}
}
},
"certification_process": {
"OutOfScope": {
"is running. Any firmware loaded into this module that is not shown on the module\u2019s certificate is out of scope of this validation, and requires a separate FIPS 140-2 validation. 9.2 Module Configuration for": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CTR": {
"CTR": 5
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 6
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"TLS": {
"TLS": {
"TLS": 2
}
}
},
"crypto_scheme": {
"MAC": {
"MAC": 2
}
},
"device_model": {},
"ecc_curve": {
"Curve": {
"Curve25519": 1
},
"NIST": {
"Curve P-192": 2,
"P-192": 5,
"P-224": 8,
"P-256": 12,
"P-384": 8,
"P-521": 8,
"curve P-192": 1
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 9,
"#11": 159,
"#2691": 1
}
},
"fips_certlike": {
"Certlike": {
"AES key 128, 192": 1,
"PKCS #1": 16,
"PKCS #11": 318,
"PKCS#1": 10,
"PKCS#11": 4,
"PKCS11": 4,
"RSA PKCS #1": 2,
"SHA-1": 6,
"SHA-224": 4,
"SHA-256": 7,
"SHA-384": 4,
"SHA-512": 11,
"SHA1": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 4
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 2
}
},
"SHA": {
"SHA1": {
"SHA-1": 6,
"SHA1": 1
},
"SHA2": {
"SHA-224": 6,
"SHA-256": 5,
"SHA-384": 6,
"SHA-512": 9
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 21
},
"RNG": {
"RNG": 1
},
"TRNG": {
"TRNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 28,
"FIPS 180-4": 2,
"FIPS 186-2": 6,
"FIPS 186-4": 14,
"FIPS 197": 3,
"FIPS 198-1": 2,
"FIPS140-2": 2,
"FIPS186-4": 1
},
"NIST": {
"NIST SP 800-131A": 4,
"NIST SP 800-90A": 1,
"SP 800-107": 1,
"SP 800-131A": 8,
"SP 800-38A": 6,
"SP 800-38D": 2,
"SP 800-38F": 3,
"SP 800-67": 3,
"SP 800-90A": 4
},
"PKCS": {
"PKCS #1": 9,
"PKCS #11": 159,
"PKCS#1": 5,
"PKCS#11": 2,
"PKCS11": 2
},
"RFC": {
"RFC 2104": 1,
"RFC 3526": 1,
"RFC 7919": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 35,
"AES-": 2
}
},
"DES": {
"3DES": {
"Triple-DES": 12
},
"DES": {
"DES": 1
}
},
"constructions": {
"MAC": {
"HMAC": 15
}
},
"djb": {
"ChaCha": {
"ChaCha20": 1
},
"Poly": {
"Poly1305": 1
}
}
},
"tee_name": {
"IBM": {
"SSC": 3
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Dick Sikkema",
"/CreationDate": "D:20230821205924Z00\u002700\u0027",
"/Creator": "Word",
"/ModDate": "D:20230821205924Z00\u002700\u0027",
"/Producer": "macOS Version 11.7.9 (Build 20G1426) Quartz PDFContext",
"/Title": "ICSF-v2r4-Security-Policy_v.1.12",
"pdf_file_size_bytes": 1996120,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 41
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "f09d3794a443a5987228dccca5ad00adb24dbd7afae30cc367059514d1a245c0",
"policy_txt_hash": "43b5c8daaa0aa332f5cc5d3e23307267909fb0135a267666fc271c99b1650aac"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode with module IBM(R) z/OS(R) Version 2 Release 4 Security Server RACF(R) Signature Verification Module validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2023_101023_1100 signed (2).pdf",
"date_sunset": "2026-05-09",
"description": "ICSF is a software element of z/OS that works with hardware cryptographic features and the Security Server (RACF) to provide secure, high-speed cryptographic services in the z/OS environment. ICSF, which runs as a started task, provides the application programming interfaces by which applications request the cryptographic services.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Mitigation of Other Attacks: N/A"
],
"fw_versions": "Feature 3863 (aka FC3863) with System Driver Level 41C [1], and Feature 3863 (aka FC3863) with System Driver Level 41C and CCA 7.0.68z [2]",
"historical_reason": null,
"hw_versions": "COP chips integrated within processor unit [1] and COP chips integrated within processor unit and P/N 02WN654-N37880 (Low Power) [2]",
"level": 1,
"mentioned_certs": {
"2691": 1
},
"module_name": "IBM\u00ae z/OS\u00ae Version 2 Release 4 ICSF PKCS #11 Cryptographic Module",
"module_type": "Software-Hybrid",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "active",
"sw_versions": "ICSF level HCR77D0 with APAR OA63132",
"tested_conf": [
"IBM z/OS Version 2 Release 4 running on an IBM z15 with CP Assist for Cryptographic Functions [1]",
"IBM z/OS Version 2 Release 4 running on an IBM z15 with CP Assist for Cryptographic Functions with CEX7A [2] (single-user mode)"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2023-09-11",
"lab": "ATSEC INFORMATION SECURITY CORP",
"validation_type": "Initial"
}
],
"vendor": "IBM Corporation",
"vendor_url": "http://www.ibm.com"
}
}