<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] ([Suite B]) is a__ [Deprecated] __[National Security Agency] ([NSA]) recommended a set of interoperable [cryptographic] [algorithms] is replaced by [Commercial National Security Algorithm Suite] ([CNSA])


%%warning
[RFC 8423] titled: Reclassification of Suite B Documents to [Historic] Status
%%



[{$pagename}] standard specifies a mode of operation in which only a specific set of secure [cryptographic] [algorithms] are used. 

[{$pagename}] [Cryptographic Algorithms] are specified by the [National Institute of Standards and Technology] ([NIST]) and are used by [NSA]'s Information Assurance Directorate in solutions approved for protecting classified and unclassified [National Security] Systems (NSS).

[{$pagename}]: 
* [encryption] [algorithm] ([AES])
* [key-Exchange] [algorithm] ([Elliptic Curve] [Diffie-Hellman], also known as [ECDH])
* [digital Signature] [algorithm] ([Elliptic Curve Digital Signature Algorithm] ([ECDSA])
* [hash]ing [algorithms] ([SHA-256] or [SHA-384])

!! Additional [{$pagename}] items
* [NIST.SP.800-56A] - Recommendation for Pair-Wise [Key-Establishment] Schemes Using Discrete Logarithm [Cryptography]
* [IETF] has:
* [RFC 5759], Suite B Certificate and Certificate Revocation List (CRL) Profile
* [RFC 6239], Suite B Cryptographic Suites for Secure Shell (SSH)
* [RFC 6379], Suite B Cryptographic Suites for IPsec
* [RFC 6460], Suite B Profile for Transport Layer Security (TLS)

* [{$pagename}] compliant profile for use with [TLS 1.2]. When configured for Suite B compliant operation, only the restricted set of cryptographic algorithms listed above will be used.
* A transitional profile for use with [TLS 1.0] or [TLS 1.1]. This profile enables interoperability with non-[{$pagename}] compliant servers. When configured for [{$pagename}] transitional operation, additional encryption and hashing algorithms 
may be used.

[{$pagename}] standard is conceptually similar to [FIPS 140]-2, because it restricts the set of enabled [cryptographic] algorithms in order to provide an [Level Of Assurance].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [NSA_Suite_B_Cryptography|Wikipedia:NSA_Suite_B_Cryptography|target='_blank'] - based on information obtained 2018-10-03- 
* [#2] - [Commercial National Security Algorithm Suite|https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm|target='_blank'] - based on information obtained 2019-10-30 















</pre>