SP800-131 compliance

You can configure TADDM to support the National Institute of Standards and Technology (NIST) SP800-131a security standard.

The SP800-131a standard requires longer key lengths and stronger cryptographic algorithms than earlier standards such as FIPS 140-2, and it requires Transport Layer Security (TLS) v1.2 for encrypted communication. For more information, see http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf.

To enable SP800-131a mode, set the com.ibm.jsse2.sp800-131 property to strict in each of the following files:
  • $COLLATION_HOME/dist/etc/collation.properties
  • $COLLATION_HOME/dist/sdk/etc/collation.properties
  • the sdk/etc/collation.properties file of every TADDM SDK installation that connects to the SP800-131a compliant TADDM server.
By default, the com.ibm.jsse2.sp800-131 property is not set, and SP800-131a mode is disabled.
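The following shell script is an added example; it is not part of TADDM or its documentation. It sets com.ibm.jsse2.sp800-131=strict in each properties file passed to it, replacing an existing assignment (for example a leftover transition value) instead of appending a duplicate line, and then reads every file back and fails unless each one reports strict. That read-back is the check you want before assuming that the server files and every SDK installation agree. It assumes a POSIX sh with grep and sed; the file paths are given as arguments, for example the two server-side files under $COLLATION_HOME and the sdk/etc/collation.properties of each SDK installation.

```shell
#!/bin/sh
# Added example for enabling TADDM SP800-131a mode; not TADDM's own tooling.
# Assumes POSIX sh, grep and sed. Properties files are passed as arguments.

SP800_PROP='com.ibm.jsse2.sp800-131'

# get_property FILE KEY
# Prints the effective value of KEY (last uncommented assignment), or nothing.
get_property() {
  sed -n "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" | tail -n 1
}

# set_property FILE KEY VALUE
# Rewrites an existing uncommented "KEY = ..." line in place; appends one
# otherwise. Commented-out lines ("#KEY=...") are left alone.
set_property() {
  file=$1; key=$2; value=$3
  if grep -q "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
    tmp="${file}.tmp.$$"
    sed "s|^[[:space:]]*${key}[[:space:]]*=.*|${key}=${value}|" "$file" > "$tmp" \
      && mv "$tmp" "$file"
  else
    printf '%s=%s\n' "$key" "$value" >> "$file"
  fi
}

# check_sp800_131 FILE...
# Returns 0 only if every file sets the property to exactly "strict".
# "transition", an unset property or a typo all count as a failure.
check_sp800_131() {
  rc=0
  for f in "$@"; do
    v=$(get_property "$f" "$SP800_PROP")
    if [ "$v" = strict ]; then
      echo "OK    $f"
    else
      echo "FAIL  $f (value: '${v:-<unset>}')" >&2
      rc=1
    fi
  done
  return $rc
}

# enable_sp800_131 FILE...
# Sets the property to strict in every file, then verifies the result.
enable_sp800_131() {
  for f in "$@"; do
    set_property "$f" "$SP800_PROP" strict
  done
  check_sp800_131 "$@"
}

# Usage: sh enable_sp800_131.sh FILE...
# e.g. "$COLLATION_HOME/dist/etc/collation.properties" \
#      "$COLLATION_HOME/dist/sdk/etc/collation.properties" \
#      /opt/sdk/sdk/etc/collation.properties   (hypothetical SDK path)
if [ "$#" -gt 0 ]; then
  enable_sp800_131 "$@"
fi
```

Run check_sp800_131 on its own, without enable_sp800_131, to audit an installation you do not want to modify; a non-zero exit status means at least one file is not in strict mode. Remember that a TADDM server or SDK only picks up the new value after it is restarted.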

SP800-131a compliance mode is supported for the same types of TADDM discoveries as FIPS mode.

In SP800-131a mode, TADDM uses TLS v1.2 for all encrypted communication, so every client that connects to it must be able to negotiate TLS v1.2. Make sure that the following requirements are met.
  • When you use the Data Management Portal over the secure web port (HTTPS), first configure your web browser to support TLS v1.2.
  • When you use the TADDM SDK or the Discovery Management Console in secure mode, enable TLS v1.2 in your Java Runtime Environment. Only IBM Java is supported in this mode.
  • When your SSL certificate does not comply with SP800-131a (for example, because it uses a key shorter than 2048 bits or a SHA-1 signature), re-create it. For the required steps, see Installing customized SSL certificates for use in TADDM.