Overview of NIST 800-131A

The National Institute of Standards and Technology (NIST) Special Publication 800-131A (SP800-131A) specifies the way that secure communications should be handled. The standard strengthens algorithms and increases key lengths to improve security. The SP800-131A standard requires that users be configured for strict enforcement of the standard.

For more information about NIST 800-131A, see the following website: http://csrc.nist.gov/publications/PubsSPs.html

To conform to the NIST 800-131A standard, devices must meet the following criteria.
  • Use Secure Sockets Layer (SSL) over the TLS v1.2 protocol.
  • Use SHA-256 or stronger hashing functions for digital signatures and SHA-1 or stronger hashing functions for other applications.
  • Use RSA-2048 or stronger, or NIST approved Elliptic Curves that are 224 bits or stronger
  • Use NIST-approved symmetric encryption with keys at least 128 bits in length
  • Use NIST-approved random number generators
  • Where possible, support Diffie-Hellman and/or Elliptic Curve Diffie-Hellman key exchange mechanisms
Adherence to NIST 800-131A in the Flex System product family is controlled by settings on the management server (either the Lenovo XClarity Administrator or the Flex System Manager management node). Adherence to NIST 800-131A by the CMM and chassis components, such as the IMM2 (X-Architecture compute nodes) and FSP (Power Systems compute nodes) is controlled by settings on the CMM.
Note: When a device is put under management by the Lenovo XClarity Administrator, the management operation does not change the crypto settings on the device. However, changing crypto settings on the Lenovo XClarity Administrator will change the settings of all devices managed at the time the crypto settings are changed.

For more information about implementing NIST 800-131A using the Lenovo XClarity Administrator, see Implementing NIST 800-131A compliance using Lenovo XClarity Administrator.

For a list of supported devices, see Supported devices.