NIST SP800-131A compliance in Remote Control

Remote Control version 10.0.0 components can be configured for NIST SP800-131A compliance.

The National Institute of Standards and Technology (NIST) Special Publications (SP) 800-131A standard strengthens algorithms and increases the cryptographic key lengths to improve security.

The following prerequisites are required:

  • Ensure that all keys have at least a key security strength greater than or equal to 112 bits. RSA keys must be at least 2048 bits.
  • Ensure that all certificates are created with the new key strengths. Any RSA certificates that use keys shorter than 2048 bits must be replaced with a certificate that uses 2048-bit keys or higher.
  • Ensure that all certificates are signed by an allowed signature algorithm of minimum SHA-2.
When you enable NIST SP800-131A compliance, the TLSv1.2 protocol is used for providing secure connections. Therefore, you must ensure that your browser is compatible.
Table 1. Browser compatibility for TLSv1.2The following table provides information about the supported browser versions that are compatible with TLSv1.2.
TLSv1.2 not supported TLSv1.2 supported but disabled but default TLSv1.2 supported and enabled by default
Internet Explorer All versions of IE on Windows XP and Windows Vista operating systems (IE6, IE7, IE8, IE9) IE8, IE9, IE10 on Windows 7 and Windows 8 operating system. IE11 on Windows 7 operating system and later
Firefox <24 24 >24

Compliance with NIST SP800-131A also requires that the cryptographic provider is FIPS 140-2 certified. When SP800-131A compliance is enabled, FIPS 140-2 compliance is enabled automatically, even when it is disabled in the settings.

For NIST SP800-131A compliance, you must configure all your components. There is no compatibility with earlier versions of the components.

Note: There is no support for NIST SP800-131A with Oracle JVMs. Therefore, to take advantage of the NIST support, you must install the stand-alone controller component.