April 20-24 2015, San Francisco
IBM’s® z/OS® Version 1 Release 13 System SSL Cryptographic Module Receives FIPS 140-2 Certification2012-03-16
Austin, TX – IBM’s® z/OS® Version 1 Release 13 System SSL Cryptographic Module recently received FIPS 140-2 Level 1 certification. The successful certification is listed on the National Institute of Standards and Technology’s (NIST) website (http://csrc.nist.gov/groups/STM/cmvp/validation.html, certification number 1692).
The security of information assets is an ongoing problem with increasing importance for many companies in view of the constantly growing threats. IBM® z/OS® - one of the world’s most advanced operating systems – has shown a persistent commitment to serving the security needs of their customers by providing solid means for protecting valuable data: having undergone numerous Common Criteria evaluations at high assurance levels and corresponding FIPS 140-2 validations of the critical cryptographic components within.
Apostol Vassilev, CST laboratory manager for atsec, commented: “The System SSL module is a part of the foundation for the security services on the IBM z/OS v1 R13. The module is capable of servicing the security needs of the operating system and applications on it with improved scalability and performance, while maintaining high security. It combines software, hardware, and firmware within its cryptographic boundary on the z/OS architecture and delivers a high-level of cryptographic performance for the portfolio of supported cryptographic services backed by the strong security assurances of the FIPS 140-2 standard. The successful completion of this project demonstrates the ability of the atsec Cryptographic and Security Testing lab to perform well in such challenging engagements that combine fast-evolving security technologies with the ever increasing rigor of enforcement of the FIPS 140-2 security requirements by the CMVP.”
The Federal Information Processing Standard 140-2 (FIPS 140-2) describes the U.S. Federal Government’s requirements for IT products in sensitive, but unclassified use. It defines the security requirements that must be met by cryptographic modules used to protect unclassified data within IT systems. FIPS 140-2 is published by the National Institute of Standards and Technology (NIST). The certification is mandatory for cryptographic products used by the U.S. Federal Government.
About atsec information security
atsec information security (www.atsec.com) is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich, Germany in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, and China. atsec's service include formal laboratory testing and evaluation, independent testing and evaluation as well as information security consultancy.
atsec offers cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada. atsec also offers formal testing under the NIST's PIV Program (NPIVP), Cryptographic Algorithm Validation Program (CAVP), Security Content Automation Protocol Program (SCAP), and product approval testing under the GSA FIPS 201 EP.
atsec works with leading global companies such as Apple, IBM, Hewlett and Packard, Honeywell, Patrick Townsend, Quantum Corporation, Red Hat, and ZTE Corporation.