IBM Support

GSKit and Java related FIPS 140-2 compliance status with IBM Security Directory Server

Flashes (Alerts)


Abstract

NIST updates to FIPS 140-2 standards affects compliance status of IBM Security Directory Server provided GSKit and Java components.

Content

FIPS status of IBM Tivoli Directory Server provided GSKit V7 and IBM Java V5 components are impacted by NIST FIPS 140-2 standard updates.

Both GSKit V7 and IBM Java V5 will lose their FIPS compliance status by the end of 2015.

Reason: According to NIST FIPS 140-2 standard updates, by the end of 2015, the use of "IBMSecureRandom" and "non SP 800-90A compliant Random Number Generators" will result in non-compliance with "FIPS 140-2 random number rules" and "non SP 800-90A" respectively.

The following IBM Tivoli Directory Server Versions are affected:
IBM Tivoli Directory Server (TDS) V6.2, V6.1, V6.0 and V5.2.

Notes:
TDS V6.2, V6.1, V6.0 and V5.2 uses GSKit V7 for Secure Socket Layer (SSL/TLS) TCP/IP connections.
TDS V6.2 and V6.1 uses IBM Java V5 for utilities such as idsxinst, idsxcfg, idsldapdiff and JNDI toolkit.

In order to claim FIPS 140-2 compliance, Users must upgrade to the one of following SDS/TDS versions(at their latest fix levels) which use GSKit V8 and IBM Java V6 (or later)
IBM Security Directory Server (SDS) V6.4, V6.3.1 or TDS V6.3.

Refer to latest recommended fixes for SDS V6.4, V6.3.1, TDS V6.3 and corresponding GSKit V8 updates which also include security related fixes.

[{"Product":{"code":"SSVJJU","label":"IBM Security Directory Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"6.0;6.1;6.2;6.3;6.3.1;6.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
25 September 2022

UID

swg21972268

Page Feedback