NIST SP 800-131A security conformance

The National Institute of Standards and Technology Special Publication 800-131A (NIST SP 800-131A) is a United States government standard that provides guidance on the required security strength of cryptographic algorithms in a given cryptographic period.

NIST SP 800-131A defines which cryptographic algorithms are valid and which cryptographic algorithm parameter values are required to achieve a specific security strength in a specific time period. Starting in 2014, a minimum security strength of 112 bits is required when new data is processed or created. Existing data that is processed with a security strength of 80 bits should remain secure beyond 2014, subject to additional NIST standards with guidelines for managing secure data.

A cryptographic algorithm has a security strength of N bits if the most efficient attack requires 2^(N-1) attempts on average to crack the algorithm. For example, an exhaustive attack on an ideal symmetric encryption algorithm with a random key can be described as an attempt to decrypt the data by trying all possible key combinations. With an N bit key, the odds of guessing the right key are 50 percent with 2N-1 attempts. Not all cryptographic algorithms have keys. For those algorithms that have keys, the key length is not necessarily the same as the security strength. However, all cryptographic algorithms do have an estimated security strength, and it is measured in bits. The security strength of an application is limited by the lowest security strength of any cryptographic algorithm used.

Cryptographic algorithms are used for a number of applications, such as data security, data integrity, random data generation, key negotiation, key derivation, message digests, digital signatures, authentication of identities, and establishment of trust. Cryptographic algorithms are commonly used in networking protocols and data encryption implementations to prevent data from being accessed, modified, or falsified by malicious or unauthorized entities. The use of an appropriate security strength is a key element in ensuring the security of any application that uses cryptographic algorithms.

On network connections that use SSL/TLS protocols, 112-bit security has the following requirements:
  • The client and server must negotiate the use of TLS 1.2.
  • The client and server must negotiate an approved cipher suite that uses cryptographic algorithms with at least 112-bit security strength.
  • The client or server must limit hash and signature algorithms to provide at least 112-bit security strength; for example, the client must prevent the use of SHA-1 hashes.
  • Certificates that are used by the client or server must have public keys and digital signatures with at least 112-bit security strength, such as RSA-2048 keys with SHA-256 digital signatures.
  • Deterministic random bit generators (DRBGs) must use approved algorithms with a least 112-bit security strength and must be provided with entropy sources that have at least 112 bits of entropy.
Attention: Before you disable earlier SSL/TLS protocols on the storage systems, you must ensure that all external system networks connected to the DS8880 storage systems are enabled for TLS 1.2 and are NIST SP 800-131A compliant. Otherwise, network connection to these systems will be prohibited.

In general, storage systems allow the use of 112-bit security strengths if the other unit that is attached to the network connection supports 112-bit security strength. If security levels are set to conform with NIST SP 800-131A guidelines, the DS8880 storage system requires 112-bit security strength on all SSL/TLS connections, other than remote support network connections.

Earlier DS8000 models that preceded DS8870 do not conform with the NIST SP 800-131A security guidelines.

To enable NIST SP 800-131A security conformance in your environment, update the following entities. It might not be feasible to update all of these entities at the same time because of various dependencies. Therefore, you can upgrade them for NIST SP 800-131A security conformance independently of each other.
  • Encryption key servers
  • Remote authentication servers
  • DS Network Interface clients
  • DS Network Interface server
  • DS8000® Storage Management GUI and DS Service GUI servers
  • SMI-S agents