Using MQFTE in NIST 800-131a compliance mode

Sterling B2B Integrator can be configured to transfer files in and out of WebSphere MQ File Transfer Edition Network using WMQFTE AgentAdapter and WMQFTE CreatTransferService.

Sterling File Gateway can also be integrated with Websphere MQFTE network with the configuration in File Gateway.

When performing Services configuration for MQFTE for NIST 800-131A compliance, only the ciphers that are NIST 800-131a compliant are available to select on the configuration page.

Note: Only TLS 1.2 is supported for NIST 800-131a compliance in strict mode. TLS level used is tied to the selected Cipher Suite and since there is no Cipher Suite to support TLS 1.2, it is not supported for NIST 800-131a compliance.

Before saving the configuration of your MQFTE adapter or MQFTE transfer service, verify that the certificate used in Key Store or SSL Cipher is NIST 800-131a compliant. If it is not compliant, a message appears, "Not NIST SP800-131a compliant" appears behind the non-compliant information.

If configured MQFTE adapter is non-NIST 800-131a compliant, the adapter is disabled.

If the configured MQFTE service is non-NIST 800-131a compliant, the service is disabled.

During runtime, the Cipher used in the MQFTE adapter and the MQFTE transfer service is verified for NIST 800-131a compliance. The Trust Store and the Key Store used for communicating the MQFTE network and FTP server are verified as well. If any certificate in the store is not NIST 800-131a compliant, the runtime will locate the non-compliance and the MQFTE agent adapter will fail to start and the MQFTE create transfer will fail.