Requirements for FIPS

PKI Services can run in a mode that meets the National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) levels supported by System SSL and ICSF PKCS#11. System SSL supports three FIPS levels. Each level has different requirements for key size and signature algorithms. The FIPS level to be used by PKI Services is specified by the environment variable _PKISERV_FIPS_LEVEL:
  • Level 1 corresponds to FIPS 140-2.
  • Level 2 corresponds to SP800-131-A with exception.
  • Level 3 corresponds to SP800-131-A without exception.

Requirements for the CA certificate

Based on the requirements from System SSL, the CA certificate must meet the following requirements:
  • The key must not be stored in the ICSF Public Key Data Set (PKDS).
  • The key cannot be a Brainpool ECC key.
  • For RSA and DSA keys, the key size must be at least 1024 bits (FIPS level 1) or 2048 bits (FIPS level 2 and 3); for NIST ECC keys, the key size must be at least 192 bits (FIPS level 1) or 224 bits (FIPS level 2 and 3).
  • The hash algorithm used in the signature on the CA certificate must be SHA1 or higher (FIPS level 1 and 2) or SHA224 or higher (FIPS level 3).
Note: If the CA certificate is a DSA certificate generated by RACF® RACDCERT prior to z/OS® V2R2 or V2R2 without PTF UA80493 installed, it is not FIPS compliant. You will need to perform the REKEY and ROLLOVER process if you want to enable PKI Services to run in FIPS mode using the DSA CA certificate. This process is discussed in the section Retiring and replacing the PKI Services CA private key.

Requirements for the RA certificate

When PKI Services is configured to provide SCEP processing and an RA certificate is specified, the RA certificate must meet the same requirements as a CA certificate using an RSA key for the desired FIPS level.

Requirements for the signing algorithm

The hash algorithm used by PKI Services to sign issued certificates and CRLs must be SHA or higher for FIPS level 1, or SHA224 or higher for FIPS level 2 and 3. This hash algorithm is specified by the SigAlg1 configuration keyword, described in Table 1.
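
The CA certificate and signing algorithm requirements above can be checked before setting _PKISERV_FIPS_LEVEL. The following is an added example, not IBM code: the CaCert descriptor, its field names, the key type labels, the hash ordering, and reading "SHA" as SHA1 are assumptions made for illustration.

```python
# Added example: encodes the requirements listed on this page as a pre-check.
# Descriptor fields, key type labels and the hash ordering are assumptions.
from dataclasses import dataclass

HASH_RANK = {"SHA1": 1, "SHA224": 2, "SHA256": 3, "SHA384": 4, "SHA512": 5}
# Minimum key sizes in bits for FIPS level 1, 2, 3 (values from the page).
MIN_KEY_BITS = {"RSA": (1024, 2048, 2048), "DSA": (1024, 2048, 2048),
                "NISTECC": (192, 224, 224)}
# Hash floor for the signature on the CA certificate itself, per level.
MIN_CA_CERT_HASH = ("SHA1", "SHA1", "SHA224")
# Hash floor for signing issued certificates and CRLs ("SHA" read as SHA1).
MIN_SIGALG1_HASH = ("SHA1", "SHA224", "SHA224")


@dataclass
class CaCert:
    key_type: str      # "RSA", "DSA", "NISTECC" or "BRAINPOOL" (illustrative labels)
    key_bits: int
    sig_hash: str      # hash used in the signature on the certificate
    key_in_pkds: bool  # True if the private key is stored in the ICSF PKDS


def check_ca_cert(cert, level):
    """Return the list of CA certificate requirements violated at a FIPS level."""
    if level not in (1, 2, 3):
        raise ValueError("FIPS level must be 1, 2 or 3")
    problems = []
    if cert.key_in_pkds:
        problems.append("key is stored in the ICSF PKDS")
    if cert.key_type == "BRAINPOOL":
        problems.append("Brainpool ECC keys are not allowed")
    elif cert.key_type not in MIN_KEY_BITS:
        problems.append(f"unknown key type {cert.key_type}")
    else:
        need = MIN_KEY_BITS[cert.key_type][level - 1]
        if cert.key_bits < need:
            problems.append(
                f"{cert.key_type} key is {cert.key_bits} bits, need at least {need}")
    floor = MIN_CA_CERT_HASH[level - 1]
    # Unknown hashes rank 0, so they are reported rather than silently accepted.
    if HASH_RANK.get(cert.sig_hash.upper(), 0) < HASH_RANK[floor]:
        problems.append(f"signature hash {cert.sig_hash} is below {floor}")
    return problems


def check_sigalg1_hash(hash_name, level):
    """True if the hash used to sign certificates and CRLs meets the level's floor."""
    floor = MIN_SIGALG1_HASH[level - 1]
    return HASH_RANK.get(hash_name.upper(), 0) >= HASH_RANK[floor]
```

An RA certificate used for SCEP can be checked with the same function by describing it with key_type "RSA". Note that a SHA1-signed CA certificate passes at level 2 while SHA1 as the signing hash does not, which matches the two different floors stated above.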