IBM's® z/OS® Version 1 R. 12 System SSL Cryptographic Module Receives FIPS 140-2 Certification

Austin, TX – IBM's® z/OS® Version 1 R. 12 System SSL Cryptographic Module recently received FIPS 140-2 Level 1 certification. The successful certification is listed on the National Institute of Standards and Technology's (NIST) website (http://csrc.nist.gov/groups/STM/cmvp/validation.html, certification number 1600).

The security of information assets is an ongoing problem of increasing importance for many companies in view of the constant rise of threats. IBM® z/OS® - one of the world's most advanced operating systems – has shown persistent commitment to their customers by providing solid means for securing valuable data: having undergone numerous Common Criteria evaluations at high assurance levels and corresponding FIPS 140-2 validations of the critical cryptographic components within.

Apostol Vassilev, CST laboratory manager for atsec, commented: "The System SSL module is a part of the foundation for all security services on the IBM z/OS v1 R12 in the context of advanced and unique technologies intended to improve the scalability, performance, and security of the platform. It combines software, hardware, and firmware within the cryptographic boundary on the z/OS architecture and delivers a high-level of cryptographic performance for the range of supported cryptographic services backed by the strong security assurances provided by the FIPS 140-2 standard. The validation of this version of the module demonstrates IBM's commitment to the development of advanced technology compliant with established standards for the benefit of their user community. It also shows the ability of the atsec CST lab to perform this challenging validation of a fast-evolving module in its third validated edition within the bounds of the FIPS 140-2 standard."

The Federal Information Processing Standard 140-2 (FIPS 140-2) describes the U.S. Federal Government's requirements for IT products in sensitive, but unclassified use. It defines the security requirements that must be met by cryptographic modules used to protect unclassified data within IT systems. FIPS 140-2 is published by the National Institute of Standards and Technology (NIST). The certification is mandatory for cryptographic products used by the U.S. Federal Government.

For more information about the FIPS 140-2 standard, please visit our website at
http://www.atsec.com and the NIST website at www.nist.gov.

About atsec information security
atsec information security is an independent, standards-based information technology security services company with offices in the U.S., Germany, Sweden, and China. atsec's services include formal laboratory testing and evaluation of information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology, as well as information security consultancy.

atsec offers evaluation and testing services leading to formal certification of information security technology, including evaluations under Common Criteria schemes in the U.S., Germany, and Sweden. In addition, the atsec US organization operates a Cryptographic and Security Testing Laboratory accredited under the Cryptographic Module Validation and the Cryptographic Algorithm Validation Programs of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada for validating cryptographic modules under the FIPS 140-2 standard.

atsec is also an experienced Payment Card Industry (PCI) Security Standards Council Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), and Payment Application Qualified Security Assessor (PA-QSA) and accredited as a third-party auditor for the North American Security Products Organization (NASPO).

We work with leading global companies such as Apple, IBM, Hewlett-Packard, Honeywell, Quantum Corporation, Red Hat, NationZ, Huawei, and ZTE Corporation.