The IBM PCIe Cryptographic Coprocessor Version 2 (PCIeCC2) is designed for improved performance and security rich services for your sensitive workloads, and to deliver high throughput for cryptographic functions. The PCIeCC2 is referred to as the IBM Crypto Express5S, or CEX5S, on IBM Z, as machine-type model 4767-002 on x64 systems, and as feature code EJ32/EJ33 on IBM Power.
Federal Information Processing Standards (FIPS) are issued by the U.S. National Institute of Standards and Technology (NIST). The PCIeCC2 cryptographic processes are performed within an enclosure on the HSM and are validated to FIPS PUB 140-2, Security Requirements for Cryptographic Modules, Overall Security Level 4. Level 4 is the highest level of certification achievable for commercial cryptographic devices. See FIPS certification number 3164 (Link resides outside ibm.com) on the Computer Security Resource Center website for the certification.
The IBM 4767 with IBM Enterprise PKCS#11 firmware is Common Criteria EAL4 Certified (Link resides outside ibm.com).
The IBM PCIeCC2 hardware with CCA firmware version 5.3 meets the requirements of the German Banking Industry Committee (GBIC) (Link resides outside ibm.com). The CCA release 5.3 provides sophisticated state-of-the-art protections for handling sensitive information like PIN data, cryptographic key data and account data. The HSM IBM Model 4767-002 CCA Release 5.3 implementation is compliant with GBIC's security requirements.
The PCIeCC2 is available on IBM Z mainframes (z14, z13s™, and z13® only), on x64 servers, and IBM Power Systems®: