Question & Answer
Question
How do I configure the TCP/IP stack to support FIPS 140?
Answer
To configure the TCP/IP stack to support FIPS 140:
If you are hard-coding the IPSec policy file, specify FIPS140 Yes on the IpFilterPolicy statement in the IPSec policy file for the stack.
Alternatively, if you are using the Configuration Assistant, configure the FIPS 140 option in the Advanced Stack Settings in the IPSec perspective.
After you have configured FIPS 140, restart the stack if it was active.
Then,
Ensure ICSF is active before starting AT-TLS groups configured to support FIPS140-2. At AT-TLS group activation time, you can verify that ICSF is active by confirming the issuance of message EZD1289I Tcpname ICSF SERVICES ARE CURRENTLY AVAILABLE FOR AT-TLS GROUP group_name .
If the CSFSERV class is defined, give READ access to the userid associated with the TCPIP stack and any application userid using the TTLSGroup to the CSFRNG resource within the RACF CSFSERV class.
If the CSFSERV class is defined and Diffie Hellman is being used, give READ access to the application userid to the CSF1TRC, CSF1DVK, CSF1GKP, CSF1GSK, CSF1GAV, and CSF1TRD resources within the RACF CSFSERV class
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
06 May 2015
UID
dwa1187047