Federated ICAM Endpoint Cryptographic Requirements, v1.0
The cryptographic requirements for system endpoints deployed for use by NIEF trusted partners.
Assessment Steps (2)
1. Proper Use of TLS (ProperUseofTLS)
Is the system configured to use TLS and SSL correctly, as specified in the conformance criterion, to protect all of its protocol endpoints? Specifically, does the system first attempt to use TLS 1.2 or higher, and fall back to TLS 1.1 only if necessary? Note that use of TLS 1.0 or SSL 3 is acceptable but not recommended, and use of SSL 2 is prohibited.
Artifact
TLS Scanner Report
Provide a TLS scanner report from the Qualys SSL Labs scanner or an equivalent tool. See https://www.ssllabs.com/ssltest/index.html.
2. Proper Use of Hashing Algorithms (ProperUseofHashingAlgorithms)
Does the system use only SHA-256, SHA-384, and/or SHA-512 hashes for digital signatures?
Artifact
Hash Algorithm Artifact
Provide evidence (policies, procedures, samples, etc.) that the system uses only SHA-256, SHA-384, and/or SHA-512 hashes for digital signatures.
Conformance Criteria (2)
Proper Use of TLS
The system MUST conform to the following rules regarding negotiation and handling of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
Citation
NIEF
Proper Use of Hashing Algorithms
The system MUST use SHA-256, SHA-384, or SHA-512 for all hashes used with digital signatures. No other hash functions are permitted.
Citation
NIEF
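The two criteria above (TLS protocol handling and signature hash algorithms) are written as yes/no assessment questions, so an assessor usually ends up applying them by hand to a scanner report and a handful of signature samples. The following is an added example, not NIEF tooling or text from this page, that encodes both criteria as checks. It assumes the TLS scanner output has been summarised as a list of the protocol versions the endpoint accepts, in the endpoint's own preference order, and it assumes signature algorithms are identified either by XML-DSig SignatureMethod URIs or by OpenSSL-style algorithm names; the page itself prescribes no input format, so both the sample inputs and the identifier table are constructed for the example.

```python
"""Checks for the two NIEF endpoint cryptographic criteria (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List

# Protocol classes, taken from the wording of the TLS assessment step.
PREFERRED = ("TLSv1.3", "TLSv1.2")      # must be attempted first
FALLBACK = ("TLSv1.1",)                 # acceptable only as a fallback
DISCOURAGED = ("TLSv1.0", "SSLv3")      # acceptable but not recommended
PROHIBITED = ("SSLv2",)                 # never allowed
KNOWN = PREFERRED + FALLBACK + DISCOURAGED + PROHIBITED

# Hash families the hashing criterion permits for digital signatures.
ALLOWED_HASHES = {"SHA-256", "SHA-384", "SHA-512"}

# Assumed identifier formats (XML-DSig URIs and OpenSSL names) mapped to a hash
# family. This table is constructed for the example; extend it to match the
# evidence format actually collected.
HASH_IDENTIFIERS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384": "SHA-384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512": "SHA-512",
    "md5WithRSAEncryption": "MD5",
    "sha1WithRSAEncryption": "SHA-1",
    "sha256WithRSAEncryption": "SHA-256",
    "sha384WithRSAEncryption": "SHA-384",
    "sha512WithRSAEncryption": "SHA-512",
    "ecdsa-with-SHA256": "SHA-256",
    "ecdsa-with-SHA384": "SHA-384",
}


@dataclass
class Verdict:
    passed: bool
    findings: List[str] = field(default_factory=list)


def check_tls(enabled_in_preference_order: List[str]) -> Verdict:
    """Apply the TLS criterion to the versions an endpoint accepts.

    The list is the endpoint's preference order (first = most preferred).
    """
    v = Verdict(passed=True)
    enabled = list(enabled_in_preference_order)
    for proto in enabled:
        if proto in PROHIBITED:
            v.passed = False
            v.findings.append(f"FAIL: {proto} is enabled; SSL 2 is prohibited")
        elif proto in DISCOURAGED:
            v.findings.append(f"WARN: {proto} is enabled; acceptable but not recommended")
        elif proto not in KNOWN:
            v.findings.append(f"WARN: unrecognised protocol name {proto!r}")
    if not any(p in PREFERRED for p in enabled):
        v.passed = False
        v.findings.append("FAIL: neither TLS 1.2 nor TLS 1.3 is enabled")
    else:
        # TLS 1.2+ must be attempted before any fallback or discouraged version.
        first_preferred = min(enabled.index(p) for p in PREFERRED if p in enabled)
        older = [p for p in enabled if p in FALLBACK or p in DISCOURAGED]
        if any(enabled.index(p) < first_preferred for p in older):
            v.passed = False
            v.findings.append("FAIL: an older protocol is preferred over TLS 1.2 or higher")
    return v


def check_signature_hashes(identifiers: List[str]) -> Verdict:
    """Apply the hashing criterion to signature algorithm identifiers found in samples."""
    v = Verdict(passed=True)
    for ident in identifiers:
        family = HASH_IDENTIFIERS.get(ident)
        if family is None:
            # An algorithm the assessor cannot identify cannot be shown to conform.
            v.passed = False
            v.findings.append(f"FAIL: unrecognised signature algorithm {ident!r}")
        elif family not in ALLOWED_HASHES:
            v.passed = False
            v.findings.append(f"FAIL: {ident} uses {family}, not permitted for signatures")
    return v


def run_assessment(tls_versions: List[str], signature_algs: List[str]) -> Dict[str, Verdict]:
    """Run both criteria and return the verdicts keyed by assessment step id."""
    return {
        "ProperUseofTLS": check_tls(tls_versions),
        "ProperUseofHashingAlgorithms": check_signature_hashes(signature_algs),
    }


if __name__ == "__main__":
    # Constructed sample inputs: an endpoint that still accepts TLS 1.0, and a
    # signature sample set containing one SHA-1 signature.
    sample_tls = ["TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1.0"]
    sample_sigs = ["http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                   "sha1WithRSAEncryption"]
    for step, verdict in run_assessment(sample_tls, sample_sigs).items():
        print(step, "PASS" if verdict.passed else "FAIL")
        for line in verdict.findings:
            print("  ", line)
```

Note that the hash check fails closed: an identifier the table does not recognise is reported as non-conformant rather than silently accepted, which matches the criterion's "no other hash functions are permitted" wording.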