Using MSMQ in NIST 800-131a compliance mode

NIST 800-131a strict compliance modes are not compatible with MSMQ server versions 1.0, 2.0, and 3.0. If you are using one of these server versions, you will need to upgrade for NIST 800-131a compliance.

The MSMQ Adapter and MSMQ Send Service support two encryption althorithms:

  • CALG_RC2 (default) - Non-compliant
  • CALG_RC4 - Non-compliant

If you are using MSMQ Server 4.0 or MSMQ server 5.0, you can use CALG_AES to support AES encryption for NIST 800-131a compliance.

Privacy level for encryption

These privacy levels are used to request encryption:
  • Non (default); non-compliant
  • Base (40-bit); non-compliant
  • Enhanced (128-bit, supported in MSMQ version 2.0 and later); compliant

GPM Configuration for MSMQ Adapter

When running in NIST 800-131a strict mode, the only values that appear for encryption parameters are those that are compliant with NIST 800-131a strict mode.

Communication Failures

When the MWMQ adapter communicates with non-compliant parameters in NIST 800-131a mode, the communication fails and the failure message is logged. If you receive an error, you must re-configure for NIST 800-131a compliance.