AUSTIN, Texas--(BUSINESS WIRE)--After atsec information security finished testing of IBM’s z/OS Version 1 R. 11 System SSL and the ICSF PKCS#11 Cryptographic Modules, these products recently received a FIPS 140-2 Level 1 certification. The successful certifications are shown on the NIST CMVP validated products website (certification numbers 1470 and 1492).
The single most important asset that many companies have is information, and protecting it is a vital part of doing business. A variety of measures are available to meet this need, as technology companies work to help their customers secure valuable data. IBM z/OS is no exception, having undergone regular Common Criteria evaluations at high assurance levels since version 1 R 6. It now has supplied additional security assurance for its key cryptographic components.
Apostol Vassilev, CST laboratory manager for atsec, commented: “The ICSF PKCS#11 and System SSL modules provide the foundation for security services on the IBM z/OS v1 R11. Both IBM modules are hybrid, combining software, hardware, and firmware within the cryptographic boundary on the z/OS architecture. These modules provide a wide range of cryptographic services backed by the strong security assurances of the FIPS 140-2 certification. The validation of the module required atsec testers to explore the full breadth and depth of FIPS 140-2, which shows the flexibility and power of the standard to meet real-life challenges. I am very proud that the atsec CST Lab successfully completed these two complex projects that show the high professionalism and dedication of our staff.”
The Federal Information Processing Standard 140-2 (FIPS 140-2) describes the U.S. Federal Government’s requirements for IT products in sensitive, but unclassified use. It defines the security requirements that must be met by cryptographic modules used to protect unclassified data within IT systems. FIPS 140-2 is published by the National Institute of Standards and Technology (NIST). The certification is mandatory for cryptographic products used by the U.S. Federal Government.
For more information about the FIPS 140-2 standard, please visit our website at http://www.atsec.com and the NIST website at http://www.nist.gov.
About atsec information security
atsec information security (www.atsec.com) is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich, Germany in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, and China. atsec's services include formal laboratory testing and evaluation, independent testing and evaluation, as well as information security consultancy.
atsec offers cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada. atsec also offers formal testing under the NIST's PIV Program (NPIVP), Cryptographic Algorithm Validation Program (CAVP), Security Content Automation Protocol Program (SCAP), and product approval testing under the GSA FIPS 201 EP.
atsec works with leading global companies such as Apple, IBM, Hewlett and Packard, Honeywell, Patrick Townsend, Quantum Corporation, Red Hat, and ZTE Corporation.