SP800-131A compliance strengthens security by requiring the use of stronger cryptographic keys and more robust algorithms.
com.ibm.jsse2.sp800-131=<transition|strict|off>
Set
the property for the Java client application in local mode and the
Gateway daemon in remote mode. For strict support on an SSL connection
between a Java client application and the Gateway daemon, both the
Java client application and Gateway daemon must specify com.ibm.jsse2.sp800-131=strict.For strict support with .NET clients, the SslGatewayConnection must be configured to use TLS 1.2. This property can be set with the EnabledSslProtocols property or CtgSslProtocols application configuration setting.
If using Cipher suites that use AES_256 then the Gateway JVM must
be updated with the Unrestricted JCE policy files placed in the directory.
To obtain the Unrestricted JCE policy files and for more information,
see IBM SDK Policy Files
CICS Transaction Gateway supports SP800-131a strict mode on IPIC SSL connections in local and remote mode to CICS Transaction Server and TXSeries versions which also support SP800-131a strict mode. This includes support for requests from WebSphere Application Server using the CICS ECI resource adapter.
For more information, see the National Institute of Standards and
Technology (NIST) Special Publications 800-131a at http://csrc.nist.gov/publications/nistpubs/800-131A/SP800-131A.pdf