Support for National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a
You can configure IBM® Sterling Control Center Monitor to support NIST SP800-131a. There are limitations on some connections when you configure IBM Sterling Control Center Monitor to support NIST SP800-131a.
NIST SP800-131a is a US government computer security standard that is used to accredit cryptographic modules. There are three modes when you run SP800-131a in IBM Sterling Control Center Monitor: off, transition, and strict. You must add an entry to your IBM Sterling Control Center Monitor engine.properties to run SP800-131a. The default entry is com.ibm.jsse2.sp800-131=off. To access the IBM Sterling Control Center Monitor engine.properties file, in the web console, go to your user ID, then click .
The following information is important about IBM Sterling Control Center Monitor NIST SP800-131a compliance:
- For compatibility with an earlier version of IBM Sterling Control Center Monitor, the new SHA-2 algorithm applies only to new passwords or any reset passwords.
- Running in SP800-131a transition mode means that SSLv3 is dropped and only TLS 1.0, TLS 1.1, or TLS 1.2 is allowed in a secure connection. Running in SP800-131a strict mode means that only TLS 1.2 is allowed in a secure connection. For more information, see NIST SP800-131a security standards.
- Ensure IBM Sterling Control Center Monitor V6.0 runs with the default bundled IBM JRE 7 for comprehensive NIST SP800-131a support.
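The following audit check is an added example, not IBM code. It reads the com.ibm.jsse2.sp800-131 entry from engine.properties text and flags observed protocols that the configured mode does not allow, using the protocol lists given above. It assumes the file follows Java properties rules (a later duplicate wins), that mode values are matched exactly in lowercase, and that protocols are labeled with JSSE names such as TLSv1.2; the sample file content and the some.other.setting key are constructed.

```python
KEY = "com.ibm.jsse2.sp800-131"

# Protocols permitted per mode, as stated on this page. The page does not
# list protocols for "off", so None means no SP800-131a restriction applies.
ALLOWED = {
    "off": None,
    "transition": {"TLSv1", "TLSv1.1", "TLSv1.2"},
    "strict": {"TLSv1.2"},
}


def read_mode(properties_text):
    """Return the effective value of KEY, or "off" when the entry is absent."""
    mode = "off"  # the page gives off as the default entry
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        # Java properties accept '=' or ':' as the key/value separator;
        # whitespace-only separators are not handled in this example.
        for sep in "=:":
            key, found, value = line.partition(sep)
            if found and key.strip() == KEY:
                mode = value.strip()  # a later duplicate overrides an earlier one
                break
    return mode


def audit(properties_text, negotiated=()):
    """Report the mode and any observed protocol the mode does not permit."""
    mode = read_mode(properties_text)
    if mode not in ALLOWED:
        # Assumption: anything other than off/transition/strict is a finding.
        return {"mode": mode, "valid": False, "violations": []}
    allowed = ALLOWED[mode]
    bad = [] if allowed is None else sorted(p for p in negotiated if p not in allowed)
    return {"mode": mode, "valid": True, "violations": bad}


# Constructed sample file content and constructed protocol observations.
SAMPLE = """\
# engine.properties (constructed sample)
com.ibm.jsse2.sp800-131=transition
some.other.setting=value
com.ibm.jsse2.sp800-131 = strict
"""

if __name__ == "__main__":
    print(audit(SAMPLE, negotiated=["TLSv1.2", "TLSv1", "SSLv3"]))
```
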
Limitations
The following products do not support Transport Layer Security (TLS) 1.2 and are limitations to NIST SP800-131a support with IBM Sterling Control Center Monitor:
- Oracle databases
- Microsoft SQL Server databases
Important: IBM Sterling Control Center Monitor engine in a non-secure connection, or when IBM Sterling Control Center Monitor does not run under the SP800-131a strict or transition modes.
For more information about the SP 800 series of computer security publications, see NIST security standards.