The National Institute of Standards and Technology (NIST)
Special Publication 800-131A (SP800-131A) specifies the way that secure
communications should be handled. The standard strengthens algorithms
and increases key lengths to improve security. The SP800-131A standard
requires that users be configured for strict enforcement of the standard.
For more information about NIST 800-131A, see the following
website: http://csrc.nist.gov/publications/PubsSPs.html
To conform to the NIST 800-131A standard, devices must meet the following criteria:
- Use Secure Sockets Layer (SSL) over the TLS v1.2 protocol.
- Use SHA-256 or stronger hashing functions for digital signatures
and SHA-1 or stronger hashing functions for other applications.
- Use RSA-2048 or stronger, or NIST-approved Elliptic Curves that
are 224 bits or stronger.
- Use NIST-approved symmetric encryption with keys at least 128
bits in length.
- Use NIST-approved random number generators.
- Where possible, support Diffie-Hellman and/or Elliptic Curve Diffie-Hellman
key exchange mechanisms.
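The criteria above, written as a check over the parameters observed for one TLS endpoint. This is an added example, not Lenovo or NIST code. The Endpoint record, its field names and the sample values are constructed assumptions; TLS versions later than 1.2 are assumed acceptable, and whether an algorithm, curve or random number generator is NIST-approved is not checked.

```python
from dataclasses import dataclass

# Hash functions ordered weakest to strongest, for "X or stronger" tests.
HASH_RANK = ["md5", "sha1", "sha224", "sha256", "sha384", "sha512"]
DH_FAMILY = {"DH", "DHE", "ECDH", "ECDHE"}
MIN_KEY_BITS = {"rsa": 2048, "ec": 224}  # RSA-2048 / 224-bit curves

@dataclass
class Endpoint:            # hypothetical record of what an audit observed
    tls_version: tuple     # (1, 2) means TLS v1.2
    cert_sig_hash: str     # hash used in the certificate's digital signature
    key_type: str          # "rsa" or "ec"
    key_bits: int          # RSA modulus size or curve size
    cipher_bits: int       # symmetric key length of the negotiated cipher
    key_exchange: str      # "ECDHE", "DHE", "RSA", ...

def violations(e):
    """Return the mandatory criteria that the endpoint fails."""
    failed = []
    if e.tls_version < (1, 2):
        failed.append("tls_version")
    h = e.cert_sig_hash.lower()
    # Unknown hash names fail closed rather than being assumed strong.
    if h not in HASH_RANK or HASH_RANK.index(h) < HASH_RANK.index("sha256"):
        failed.append("signature_hash")
    minimum = MIN_KEY_BITS.get(e.key_type.lower())
    if minimum is None or e.key_bits < minimum:
        failed.append("public_key")
    if e.cipher_bits < 128:
        failed.append("symmetric_key")
    return failed

def advisories(e):
    """DH/ECDH is 'where possible', so it is reported but not failed."""
    return [] if e.key_exchange.upper() in DH_FAMILY else ["key_exchange"]

# Constructed sample inputs.
COMPLIANT = Endpoint((1, 2), "sha256", "rsa", 2048, 128, "ECDHE")
LEGACY = Endpoint((1, 0), "sha1", "rsa", 1024, 112, "RSA")

if __name__ == "__main__":
    for name, ep in (("compliant", COMPLIANT), ("legacy", LEGACY)):
        print(name, violations(ep), advisories(ep))
```

Key and hash sizes alone do not establish that the algorithm itself is NIST-approved, so a clean result here is necessary for conformance but not sufficient.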
Adherence to NIST 800-131A in the Flex
System product family is controlled by settings on the management
server (either the Lenovo XClarity Administrator or the Flex System
Manager management node). Adherence to NIST 800-131A by the CMM and
chassis components, such as the IMM2 (X-Architecture compute nodes)
and FSP (Power Systems compute nodes) is controlled by settings on
the CMM.
Note: When a device is put under management by the Lenovo
XClarity Administrator, the management operation does not change the
crypto settings on the device. However, changing crypto settings on
the Lenovo XClarity Administrator will change the settings of all
devices managed at the time the crypto settings are changed.
For more information about implementing NIST 800-131A using
the Lenovo XClarity Administrator, see Implementing NIST 800-131A compliance using Lenovo
XClarity Administrator.
For a list of supported devices, see Supported devices.