Errata exists for this version of the document.
Table 184 describes the details of the SecurityPolicy [A] - Aes128-Sha256-RsaOaep. This security Facet defines a security policy for configurations with average security needs. It requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time. It is recommended that Servers and Clients support all security profiles and support configurability of actual exposed and default security policies.
Table 184 – SecurityPolicy [A] - Aes128-Sha256-RsaOaep
|
Group |
Conformance Unit / Profile Title |
Optional |
|
Security |
Aes128-Sha256-RsaOaep_Limits |
False |
|
Security |
AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1 |
False |
|
Security |
AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256 |
False |
|
Security |
CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256 |
False |
|
Security |
KeyDerivationAlgorithm_P-SHA2-256 |
False |
|
Security |
Security Certificate Validation |
False |
|
Security |
Security Encryption Required |
False |
|
Security |
Security Signing Required |
False |
|
Security |
SymmetricEncryptionAlgorithm_AES128-CBC |
False |
|
Security |
SymmetricSignatureAlgorithm_HMAC-SHA2-256 |
False |