IBM Support

IBM Tivoli Directory Server support for NIST SP 800-131A

Product Lifecycle


Abstract

This tech note describes the configuration that is required in IBM Tivoli Directory Server V6.3.0.17 (and later fix levels) for the transition to NIST SP 800-131A.

Content

Overview
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131A guidelines provide cryptographic key management guidance. These guidelines include:

  • Key management procedures.
  • How to use cryptographic algorithms.
  • Algorithms to use and their minimum strengths.
  • Key lengths for secure communications.

Suite B mode is a restrictive subset of the SP 800-131A specification. Suite B defines the cryptographic algorithm policies to use with the Transport Layer Security (TLS) protocol for national security applications.

Government agencies and financial institutions use the NIST SP 800-131A guidelines to ensure that products conform to specified security requirements.

Support for the transition to NIST SP 800-131A
For the transition to NIST SP 800-131A guidelines, IBM Tivoli Directory Server V6.3.0.17 (and later fix levels including the latest recommended fix level) supports:
  • The Transport Layer Security (TLS) 1.2 protocol.
  • Disabling protocols other than TLS 1.2.
  • Public keys with the following key strengths:
    • RSA keys with a minimum size of 2048 bits.
    • Elliptic curve (EC) keys with a minimum size of 160 bits or curve p160.
  • Certificates with RSA keys of 2048 bits or higher, or with EC keys of 160 bits or curve p160 or higher.
  • Digital signatures that use SHA2 as the minimum hash algorithm.
  • Setting the TLS 1.2 signature and hash algorithm restrictions.
  • Suite B mode.
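
One way to audit a PEM certificate against the key-size and signature minimums in the list above, added here as an example and not taken from IBM's guide or product. It assumes the OpenSSL command-line tool is installed; `check_cert` and `make_sample` are hypothetical helper names, and the sample certificate is constructed.

```shell
#!/bin/sh
# Added example (not IBM code): check a certificate against the listed minimums:
# RSA >= 2048 bits, EC >= 160 bits, SHA-2 based signature.

# Constructed sample: self-signed RSA certificate. Usage: make_sample BITS OUTFILE
make_sample() {
    openssl req -x509 -newkey "rsa:$1" -nodes -sha256 -days 1 \
        -subj "/CN=constructed-sample" -keyout "$2.key" -out "$2" 2>/dev/null
}

# check_cert FILE: prints findings; returns 0 if compliant, 1 otherwise.
check_cert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo "$1: not a readable PEM certificate"; return 1; }

    # The first match of each field describes the certificate itself.
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/^.*Public-Key: *(\([0-9][0-9]*\) bit).*$/\1/p' | head -n 1)

    rc=0
    case "$alg" in
        rsaEncryption)  min=2048 ;;
        id-ecPublicKey) min=160 ;;
        *) echo "$1: key algorithm '$alg' is not covered by the list"; return 1 ;;
    esac
    if [ -z "$bits" ] || [ "$bits" -lt "$min" ]; then
        echo "$1: $alg key is ${bits:-unknown} bits, below $min"; rc=1
    fi
    # Accept only SHA-2 family digests; MD5, SHA-1 and anything
    # unrecognised are reported rather than silently passed.
    case "$sig" in
        *[Ss][Hh][Aa]224*|*[Ss][Hh][Aa]256*|*[Ss][Hh][Aa]384*|*[Ss][Hh][Aa]512*) ;;
        *) echo "$1: signature algorithm '$sig' is not SHA-2 based"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "$1: OK ($alg, $bits bits, $sig)"; fi
    return "$rc"
}

# Stand-alone use: sh check_cert.sh server.pem [more.pem ...]
for f in "$@"; do check_cert "$f"; done
```

The check covers the certificate only; protocol restrictions such as disabling everything other than TLS 1.2 are configured on the server as described in the guide.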

For more information about how to configure Tivoli Directory Server, version 6.3.0.17 (and later fix levels) to support the transition to NIST SP 800-131A, see the Support for NIST SP 800-131A guide.

Support for NIST SP 800-131A.pdf

Document Information

Modified date:
16 June 2018

UID

swg21610440