IBM Support

IBM Global Security Kit version 7.0 NIST FIPS 140-2 certification

Flashes (Alerts)


Abstract

As of the end of 2015 IBM Global Security Kit version 7.0 will no longer be able to claim NIST FIPS 140-2 certification.

Content

This flash is to notify all IBM Tivoli Access Manager for e-business customers about changes regarding the NIST FIPS 140-2 certification statement made against the IBM Global Security Kit version 7.0 component. These changes take effect at the end of 2015.


As of the end of 2015 IBM Global Security Kit version 7.0 will no longer be able to claim NIST FIPS 140-2 certification.


The NIST FIPS 140-2 standard is under constant review and refinement. From time to time, NIST changes the standard, and those changes affect the FIPS status of IBM products.

As of the end of 2015, Random Number Generators (RNGs) that are not SP 800-90A compliant will be disallowed retroactively. Consequently, previous validations with non-compliant RNGs will have their FIPS certificate revoked. The following SP 800-131A statement specifically lists the revocation date:

"The use of the RNGs specified in FIPS 186-2, [X9.31] and ANS [X9.62] is deprecated from 2011 through December 31, 2015, and disallowed after 2015"

Full details can be found on page 8 of the NIST SP 800-131A guidance published at the following URL:

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf


The following is a list of the products that ARE affected by this update:

IBM Tivoli Access Manager for e-business 6.1.1
IBM Tivoli Access Manager for e-business 6.1.0
IBM Tivoli Access Manager for e-business 6.0.0


The following is a list of the products that ARE NOT affected by this update:

IBM Security Access Manager for Web 7.0.0 (Software)
IBM Security Access Manager for Web 7.0.0 (Appliance)

IBM Security Access Manager for Web/Mobile 8.0.0 (Appliance)
IBM Security Access Manager for Web/Mobile 8.0.1 (Appliance)

IBM Security Access Manager 9.0.0 (Appliance)


Required actions:

Customers that have existing deployments of IBM Tivoli Access Manager for e-business versions 6.0.0, 6.1.0 and 6.1.1 and MUST retain NIST FIPS 140-2 certification MUST upgrade to IBM Security Access Manager for Web 7.0.0 or above to maintain it.


Document Information

Modified date:
25 September 2022

UID

swg21970914