FIPS options for Managed File Transfer Platform Server for z/OS

Article ID: KB0072436

Updated On:

Products: TIBCO Managed File Transfer Platform Server for zOS
Versions: All supported versions

Description

The Platform Server for z/OS 8.1.0 August 2021 readme shows this information for FIPS support:
 
   FIPS 140-2 Support
   The IBM eServer Cryptographic Coprocessor Security Module –
   Certificate No. 661 is required to run MFT Platform Server for z/OS
   in FIPS mode. This module requires the use of one of the following
   IBM 4764 co-processor boards:
   - 4764-001 hw. 12R6536
   - 4764-001 hw. 12R8241
   - 4764-001 hw. 12R8561
   - 4764-001 hw. 41U0438
 
This information has been superseded by other FIPS certificates.

Issue/Introduction

This article describes the FIPS options for Managed File Transfer Platform Server for z/OS.

Environment

All supported environments

Resolution

The following IBM hardware and software options are available for FIPS support:

Hardware FIPS 140 certificates:
Certificate Number: 4079 IBM 4769-001 Cryptographic Coprocessor Security Module
Certificate Number: 3410 IBM 4768 Cryptographic Coprocessor Security Module
Certificate Number: 3164 IBM 4767 Cryptographic Coprocessor Security Module
 
Software FIPS 140 certificates:
Certificate Number: 3937 z/OS® Version 2 Release 4 System SSL Cryptographic Module
Certificate Number: 3919 z/OS® Version 2 Release 4 System SSL Cryptographic Module
Certificate Number: 3557 z/OS® Version 2 Release 3 System SSL Cryptographic Module
Certificate Number: 3057 z/OS® Version 2 Release 2 System SSL Cryptographic Module

The following link can be used for FIPS 140 certificate lookup:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search
 

Platform Server for z/OS Global FIPS parameter values

Note: There are two Platform Server for z/OS GLOBAL parameter values that define FIPS mode:
ENFORCE_SECURITY_POLICY=FIPS140
ENFORCE_SECURITY_POLICY=TLSFIPS
 
ENFORCE_SECURITY_POLICY=FIPS140
This forces FIPS for all transfers. This setting is fairly restrictive.

ENFORCE_SECURITY_POLICY=TLSFIPS
This tells the IBM SSL routines to run in FIPS 140 mode.
It still allows non-FIPS transfers to run.