NIST SP800-131a and Suite B support

Connect:Direct® supports SP800-131a, a new standard from the National Institute of Standards and Technology (NIST) that extends the current FIPS standards, as well as Suite B cryptographic algorithms as specified by NIST.

The government of the United States of America produces technical advice on IT systems and security, including data encryption, and has issued Special Publication SP800-131a, which requires United States agencies to transition the cryptographic algorithms and key lengths currently in use to new, higher levels to strengthen security.

Applications must strengthen security by defining the specific algorithms that can be used and their minimum strengths. These standards specify the cryptographic algorithms and key lengths that are required to remain compliant with NIST security standards.

To comply with the new requirements, IBM products with cryptographic functionality must:
  • Enable TLS 1.2 and be prepared to disable protocols less than TLS 1.2
  • Use cryptographic keys that adhere to a minimum key strength of 112 bits
  • Use digital signatures that are a minimum of SHA-2
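
The three requirements above can be checked mechanically against an inventory of endpoints. The following Python sketch is an added example, not IBM or Connect:Direct code: the `Endpoint` descriptor, the `strict` flag and the sample inventory are assumptions of the example, and the key-size-to-strength table follows NIST SP 800-57 Part 1.

```python
from dataclasses import dataclass

# Comparable security strength in bits by key size (NIST SP 800-57 Part 1).
STRENGTH = {
    "rsa": [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)],
    "ec": [(512, 256), (384, 192), (256, 128), (224, 112), (160, 80)],
}
SHA2 = {"sha224", "sha256", "sha384", "sha512"}
TLS_ORDER = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
MIN_TLS = TLS_ORDER.index("TLSv1.2")

@dataclass
class Endpoint:
    """Hypothetical descriptor for this example, not a Connect:Direct structure."""
    name: str
    protocols: list   # protocol versions the endpoint will negotiate
    key_type: str     # "rsa" or "ec"
    key_bits: int
    sig_hash: str     # hash used in the certificate signature

def strength(key_type, key_bits):
    """Map a public key size to its security strength; 0 if unknown or too small."""
    table = STRENGTH.get(key_type.lower(), [])
    return next((bits for size, bits in table if key_bits >= size), 0)

def check(ep, strict=False):
    """Return findings (empty = compliant). strict is this example's own flag."""
    findings = []
    if "TLSv1.2" not in ep.protocols:
        findings.append("TLS 1.2 is not enabled")
    legacy = [p for p in ep.protocols if TLS_ORDER.index(p) < MIN_TLS]
    if strict and legacy:  # strict: older protocols must already be disabled
        findings.append("protocols below TLS 1.2 enabled: " + ", ".join(legacy))
    bits = strength(ep.key_type, ep.key_bits)
    if bits < 112:
        findings.append(f"{ep.key_type}-{ep.key_bits} key gives {bits}-bit strength")
    if ep.sig_hash.lower() not in SHA2:
        findings.append(f"signature hash {ep.sig_hash} is not SHA-2")
    return findings

# Constructed sample inventory (not real hosts).
INVENTORY = [
    Endpoint("node-a", ["TLSv1.2"], "rsa", 2048, "sha256"),
    Endpoint("node-b", ["TLSv1.0", "TLSv1.2"], "rsa", 1024, "sha1"),
    Endpoint("node-c", ["TLSv1.1"], "ec", 256, "sha384"),
]
if __name__ == "__main__":
    for ep in INVENTORY:
        print(ep.name, check(ep, strict=True) or "compliant")
```

Note that a 1024-bit RSA key provides only 80 bits of strength, so it fails the 112-bit minimum even though the key itself is far longer than 112 bits.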

The following is included in Secure Plus for NIST SP800-131a and Suite B support:

  • Support for TLS 1.1 and 1.2 with SHA-2 cipher suites
  • Support for SP800-131a transition and strict modes
  • Support for NSA Suite B 128-bit and 192-bit cipher suites and modes
  • Support for IBM PKCS12 Keystore
  • Support migrating existing Secure+ certificates to the IBM PKCS12 Keystore

For more information on NIST security standards, see https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final.

For more information on Suite B security standards, see https://www.nsa.gov/Portals/70/documents/resources/everyone/csfc/capability-packages/dar-cp.pdf.