IBM DS8880 Series Introduction And Planning Manual page 199

• The client and server must negotiate an approved cipher suite that uses
cryptographic algorithms with at least 112-bit security strength.
• The client or server must limit hash and signature algorithms to provide at least
112-bit security strength; for example, the client must prevent the use of SHA-1
hashes.
• Certificates that are used by the client or server must have public keys and
digital signatures with at least 112-bit security strength, such as RSA-2048 keys
with SHA-256 digital signatures.
• Deterministic random bit generators (DRBGs) must use approved algorithms
with at least 112-bit security strength and must be provided with entropy sources
that have at least 112 bits of entropy.
To enable NIST SP 800-131A security conformance in your environment, update the
following entities. It might not be feasible to update all of these entities at the same
time because of various dependencies. Therefore, you can upgrade them for NIST
SP 800-131A security conformance independently of each other.
• Encryption key servers
• Remote authentication servers
• DS Network Interface clients
• DS Network Interface server
• DS8000 Storage Management GUI and DS Service GUI servers
• SMI-S agents
Attention: Before you disable earlier SSL/TLS protocols on the storage systems,
you must ensure that all external system networks connected to the DS8880 storage
systems are enabled for TLS 1.2 and are NIST SP 800-131A compliant. Otherwise,
network connection to these systems will be prohibited.
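The following added example (not part of the IBM manual) shows one way to check an endpoint inventory against the 112-bit rules before earlier protocols are disabled, so that systems that would lose connectivity are found first. The endpoint names, record fields, and inventory are constructed for illustration; the strength values follow NIST SP 800-57 Part 1.

```python
# Security strengths in bits, per NIST SP 800-57 Part 1 (0 = not approved).
# Each list is ordered largest first; the result is a lower bound on strength.
RSA_STRENGTH = [(3072, 128), (2048, 112), (1024, 80)]  # (min modulus bits, strength)
EC_STRENGTH = [(384, 192), (256, 128), (224, 112), (160, 80)]
SIG_HASH_STRENGTH = {"md5": 0, "sha1": 80, "sha224": 112,
                     "sha256": 128, "sha384": 192, "sha512": 256}
REQUIRED_BITS = 112


def key_strength(key_type, key_bits):
    """Map a public key to its security strength in bits (0 if unknown)."""
    table = {"RSA": RSA_STRENGTH, "EC": EC_STRENGTH}.get(key_type.upper(), [])
    return next((s for bits, s in table if key_bits >= bits), 0)


def findings(ep):
    """Return the reasons one endpoint record fails the requirements."""
    out = []
    if "TLSv1.2" not in ep["tls_versions"]:
        out.append("TLS 1.2 not enabled")
    ks = key_strength(ep["key_type"], ep["key_bits"])
    if ks < REQUIRED_BITS:
        out.append("%s-%d key gives %d-bit strength" % (ep["key_type"], ep["key_bits"], ks))
    hs = SIG_HASH_STRENGTH.get(ep["sig_hash"].lower(), 0)
    if hs < REQUIRED_BITS:
        out.append("%s certificate signature gives %d-bit strength" % (ep["sig_hash"], hs))
    return out


def blocked_after_cutover(inventory):
    """Endpoints that would lose connectivity once earlier protocols are disabled."""
    results = {ep["name"]: findings(ep) for ep in inventory}
    return {name: reasons for name, reasons in results.items() if reasons}


# Constructed inventory (hypothetical names) covering entity types listed above.
INVENTORY = [
    {"name": "key-server-1", "tls_versions": ["TLSv1", "TLSv1.2"], "key_type": "RSA", "key_bits": 2048, "sig_hash": "sha256"},
    {"name": "remote-auth-1", "tls_versions": ["TLSv1.2"], "key_type": "RSA", "key_bits": 2048, "sig_hash": "sha1"},
    {"name": "dsni-client-7", "tls_versions": ["SSLv3", "TLSv1"], "key_type": "RSA", "key_bits": 1024, "sig_hash": "sha1"},
    {"name": "smis-agent-2", "tls_versions": ["TLSv1.2"], "key_type": "EC", "key_bits": 256, "sig_hash": "sha384"},
]

if __name__ == "__main__":
    for name, reasons in blocked_after_cutover(INVENTORY).items():
        print(name + ": " + "; ".join(reasons))
```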
For information about configuring your environment for NIST SP 800-131A
conformance, see security best practices in the IBM DS8000 series online product
documentation
(http://www.ibm.com/support/knowledgecenter/ST5GLJ_8.1.0/com.ibm.storage.ssic.help.doc/f2c_securitybp.html).
187
Chapter 9. Security