National Institute of Standards and Technology (NIST) overview

AS4 Microservice provides functionality that enables you to conform to the security requirements of the National Institute of Standards and Technology (NIST) standards.

The National Institute of Standards and Technology (NIST) specifies security requirements for applications. To conform to these standards, applications must use strengthened security: only specific algorithms can be used, and each algorithm has a minimum strength. NIST specifies the cryptographic algorithms and key lengths that are required to remain compliant with its security standards.

For NIST compliance with AS4 Microservice, you must specify a higher key strength algorithm (for example, SHA256) in the conformance policy.

NIST compliance requires applications to discontinue the use of specific algorithms and key strengths. These algorithms and key strengths are not allowed for strict NIST compliance:

  • RSA keySize < 2048
  • DSA keySize < 2048
  • EC keySize < 224
  • SHA1
  • SHA-1
  • MD2
  • MD4
  • MD5
  • RC2
  • RC4
  • DES

To verify NIST compliance when you are using digital certificates, ensure that the public key length is 2048 and the signature algorithm is SHA256withRSA.
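
The following check is an added example, not part of the AS4 Microservice product or its documentation. It goes beyond the single RSA case above and evaluates a certificate's key algorithm, key size, and signature algorithm name against the whole list of disallowed algorithms and key strengths on this page. The function names and the sample certificate properties are assumptions made for illustration.

```python
import re

# Deny list as given on this page.
BANNED = {"SHA1", "MD2", "MD4", "MD5", "RC2", "RC4", "DES"}
MIN_KEY_BITS = {"RSA": 2048, "DSA": 2048, "EC": 224}


def normalize(name):
    """Fold spelling variants: 'SHA-1' -> 'SHA1', 'ECDSA' -> 'EC'."""
    name = name.upper().replace("-", "")
    return "EC" if name == "ECDSA" else name


def signature_digest(sig_alg):
    """Return the digest part of a 'SHA256withRSA' style name, or None."""
    match = re.fullmatch(r"(.+?)with(.+)", sig_alg, flags=re.IGNORECASE)
    return normalize(match.group(1)) if match else None


def nist_violations(key_alg, key_bits, sig_alg):
    """List the reasons a certificate's properties break the deny list."""
    problems = []
    digest = signature_digest(sig_alg)
    if digest is None:
        # Assumption: fail closed on names we cannot split into digest + key.
        problems.append(f"cannot determine digest from {sig_alg}")
    elif digest in BANNED:
        problems.append(f"digest {digest} is not allowed")
    key_alg = normalize(key_alg)
    minimum = MIN_KEY_BITS.get(key_alg)
    if minimum is not None and key_bits < minimum:
        problems.append(f"{key_alg} keySize {key_bits} < {minimum}")
    return problems


# Constructed sample properties, not taken from real certificates.
SAMPLES = {
    "partner-a": ("RSA", 2048, "SHA256withRSA"),
    "partner-b": ("RSA", 1024, "SHA1withRSA"),
    "partner-c": ("EC", 256, "SHA-1withECDSA"),
    "partner-d": ("EC", 192, "SHA256withECDSA"),
}

if __name__ == "__main__":
    for name, props in SAMPLES.items():
        issues = nist_violations(*props)
        print(name, "compliant" if not issues else "; ".join(issues))
```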