Table 184 describes the details of the SecurityPolicy [A] - Aes128-Sha256-RsaOaep. This security Facet defines a security policy for configurations with average security needs. It requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time. It is recommended that Servers and Clients support all security profiles and support configurability of actual exposed and default security policies.

Table 184 – SecurityPolicy [A] - Aes128-Sha256-RsaOaep

Group

Conformance Unit / Profile Title

Optional

Security

Aes128-Sha256-RsaOaep_Limits

False

Security

AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1

False

Security

AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256

False

Security

CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256

False

Security

KeyDerivationAlgorithm_P-SHA2-256

False

Security

Security Certificate Validation

False

Security

Security Encryption Required

False

Security

Security Signing Required

False

Security

SymmetricEncryptionAlgorithm_AES128-CBC

False

Security

SymmetricSignatureAlgorithm_HMAC-SHA2-256

False