Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. Appendix A: DTL__CAPXTIMESTAMP Time Stamps
  15. Appendix B: PowerExchange Glossary

FIPS 140-2 Compliance Considerations on z/OS

FIPS 140-2 Compliance Considerations on z/OS

FIPS 140-2 level 1 support in z/OS System SSL requires z/OS 1.10 with the fixes for APAR OA26457, or z/OS 1.11 or later. Additional fixes and z/OS configuration changes are also required.
In particular, the operating system must include the Cryptographic Services Security Level 3 (FMID JCPT391) component of z/OS System SSL.
z/OS AT-TLS uses z/OS System SSL. For z/OS 1.12 and later, AT-TLS provides the following features in support of FIPS 140-2 compliance:
  • A configuration parameter to request that System SSL uses only FIPS 140-2 compliant encryption methods
  • Symbolic names for recent encryption methods such as those using AES-256 bit encryption
For earlier version of z/OS, you can enforce the use of FIPS-compliant encryption by specifying the candidate encryption methods as hexadecimal codes rather than symbolic names.
For more information about achieving FIPS 140-2 Level 1 compliance with System SSL, see the following IBM publications:
  • Cryptographic Services System Secure Sockets Layer Programming
  • APAR OA26457 System Secure Sockets Layer Programming