Making the probe NIST compliant
The National Institute of Standards and Technology (NIST) defines standards for measuring equipment and procedures, quality control benchmarks for industrial processes, and experimental control samples. Products sold within US Federal markets must comply with SP800-131a.
You can configure the probe to support the NIST SP800-131a
security standard. SP800-131a requires longer key lengths and stronger
cryptography than other standards, for example, FIPS 140-2. SP800-131a
requires Transport Layer Security (TLS) V1.2. To make the probe NIST
compliant, there are two considerations:
- The vendor's EMS must be able to support the signature algorithm and key length that is NIST compliant. The key provided must be generated using the signature algorithm SHA2 (or above) with the RSA key length greater than or equal to 2048. This you must then convert into PKCS12 format before importing into the keystore using the IBM KeyMan utility. For details of the conversion and importing process, see SSL-based connectivity.
- The security protocol must be set to TLSv1.2 (or above). To specify that the probe uses protocol TLSv1.2, set the SecurityProtocol property accordingly.
Note: You can access the full SP800-131a standard at the following address:
http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf