Using MSMQ in NIST 800-131a compliance mode
NIST 800-131a strict compliance modes are not compatible with MSMQ server versions 1.0, 2.0, and 3.0. If you are using one of these server versions, you will need to upgrade for NIST 800-131a compliance.
The MSMQ Adapter and MSMQ Send Service support two encryption althorithms:
- CALG_RC2 (default) - Non-compliant
- CALG_RC4 - Non-compliant
If you are using MSMQ Server 4.0 or MSMQ server 5.0, you can use CALG_AES to support AES encryption for NIST 800-131a compliance.
Privacy level for encryption
- Non (default); non-compliant
- Base (40-bit); non-compliant
- Enhanced (128-bit, supported in MSMQ version 2.0 and later); compliant
GPM Configuration for MSMQ Adapter
When running in NIST 800-131a strict mode, the only values that appear for encryption parameters are those that are compliant with NIST 800-131a strict mode.
When the MWMQ adapter communicates with non-compliant parameters in NIST 800-131a mode, the communication fails and the failure message is logged. If you receive an error, you must re-configure for NIST 800-131a compliance.