IBM Support

IBM Rational ClearQuest's support for NIST SP 800-131A guidelines

Technote (FAQ)


Question

What support does Rational ClearQuest provide for organizations wishing to comply with NIST SP 800-131A guidelines?

Cause

US. Government organizations might be required to support NIST SP 800-131A guidelines http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf. These guidelines place certain restrictions on the types of cryptographic algorithms that are used in application deployments.

Answer

If your organization must comply with NIST SP 800-131A guidelines, the following ClearQuest deployment configurations can help with compliance.


The following information can help you determine whether your ClearQuest deployment conforms to the NIST SP 800-131A guidelines:
  • ClearQuest cryptographic keys adhere to a minimum key strength of 112 bits for FIPS 140-2 conforming deployments.
  • ClearQuest does not provide digital signature capability as defined by the guidelines. Use of the ClearQuest eSignature package does not conform to the guidelines of a digital signature since it is not using digital certificates. The eSignature package should not be applied.
  • ClearQuest uses an approved Java random number generator.

Document information

More support for: Rational ClearQuest
Web Server (7.1)

Software version: 8.0.1.1

Operating system(s): AIX, Linux, Solaris, Windows

Reference #: 1649580

Modified date: 27 September 2013