Table 185 describes the details of the SecurityPolicy [B] – Basic256Sha256. This security Facet defines a security policy for configurations with high security needs. It requires a PKI infrastructure.As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provided recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time. It is recommended that Servers and Clients support all security profiles and developers provide the recommended profile as a default. It is up to an administrator to configure the actual exposed security policies.

Table 185 – SecurityPolicy [B] – Basic256Sha256

Group

Conformance Unit / Profile Title

Optional

Security

AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1

False

Security

AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256

False

Security

Basic256Sha256_Limits

False

Security

CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256

False

Security

KeyDerivationAlgorithm_P-SHA2-256

False

Security

Security Certificate Validation

False

Security

Security Encryption Required

False

Security

Security Signing Required

False

Security

SymmetricEncryptionAlgorithm_AES256-CBC

False

Security

SymmetricSignatureAlgorithm_HMAC-SHA2-256

False