IBM’s® z/OS® Version 1 R. 10 System SSL Cryptographic Module receives FIPS 140-2 certification
2010-09-23Austin, TX – IBM’s® z/OS® Version 1 R. 10 System SSL Cryptographic Module recently received FIPS 140-2 Level 1 certification. The successful certification is shown on the NIST website (certification number 1389).
For many companies, the single most important asset they have is information, and so it needs to be protected accordingly. Software companies understand this need, and help their customers secure valuable data using a variety of measures. IBM® z/OS® - one of the world’s most advanced operating systems - is no exception: having undergone numerous Common Criteria evaluations at high assurance levels, now it has added additional security assurances for one of its key cryptographic components.
Apostol Vassilev, CST laboratory manager for atsec, commented: “IBM z/OS is one of the most complex operating systems in the world, incorporating numerous advances in technologies intended to improve the scalability, performance, and security of the platform. As a result, the SystemSSL module is one of the most complex cryptographic modules ever validated under the FIPS 140-2 standard. It combines software, hardware, and firmware within the cryptographic boundary on the z/OS architecture and delivers an unprecedented level of cryptographic performance for a wide range of cryptographic services backed by equally strong security assurances provided by the FIPS 140-2 certification. The validation of the module required atsec testers to explore the full breadth and depth of the FIPS 140-2 standard, and take advantage of the flexibility it offers for modules of such high hybridization. I am very proud that the atsec CST Lab successfully completed this challenging project that showcases so vividly the high professionalism and dedication of our staff.”
The Federal Information Processing Standard 140-2 (FIPS 140-2) describes the US federal government’s requirements for IT products in sensitive, but unclassified use. It defines the security requirements that must be met by cryptographic modules used to protect unclassified data within IT systems. FIPS 140-2 is published by the National Institute of Standards and Technology (NIST). The certification is mandatory for cryptographic products used by the US Federal Government.
For more information about the FIPS 140-2 standard, please visit our website at http://www.atsec.com and the NIST website at http://www.nist.gov.
About atsec information security
atsec information security (www.atsec.com) is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich, Germany in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, and China. atsec's service include formal laboratory testing and evaluation, independent testing and evaluation as well as information security consultancy.
atsec offers cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada. atsec also offers formal testing under the NIST's PIV Program (NPIVP), Cryptographic Algorithm Validation Program (CAVP), Security Content Automation Protocol Program (SCAP), and product approval testing under the GSA FIPS 201 EP.
atsec works with leading global companies such as Apple, IBM, Hewlett and Packard, Honeywell, Patrick Townsend, Quantum Corporation, Red Hat, and ZTE Corporation.
