Yikes! What is that NIST Conformance Warning in Cognos?

August 7, 2019     Tips & Tricks

If you recently upgraded your Cognos BI Server to 11.1.2 or later, you might have noticed the following warning when starting up Cognos services:

Sounds serious, right? The good news is, it's easy to resolve this issue, but let’s first take a minute to better understand what this warning means.

What is NIST 131A conformance?

NIST stands for the National Institute of Standards and Technology and 131A is a security standard that strengthens security by requiring the use of stronger cryptographic keys and more robust algorithms.

At the start of the 21st century, NIST began the task of providing cryptographic key management guidance. It includes defining and implementing appropriate key management procedures, using algorithms that adequately protect sensitive information. It also includes planning ahead for possible changes in the use of cryptography because of algorithm breaks or the availability of more powerful computing techniques.

Why should I care?

Hacking stories and data breaches are in the news almost every day so it’s important to have your servers as secure as possible. Switching to a 256-bit key is a good step towards securing your sensitive data.

How do I change my PDF Confidentiality algorithm?
  1. First, you need to download some files and put them into your Cognos installation directory.

    Download the jurisdiction policy files needed to change your Cognos configuration settings.

    NOTE: These policy files are for the Cognos JRE that is used by default for a Cognos installation. If you are using a different JRE, you will need to download the correct policy files for that JRE.

  2. After you have the zip file, extract it

  3. Copy the files to your Cognos server and place them here

  4. After the files have been copied, open up Cognos Configuration and use the Explorer pane to navigate to Cognos Configuration > Cryptography > Cognos >

    In the window on the right, locate field PDF Confidentiality Algorithm. You should now have the option to change this to the 256-bit key. Do so now, then save and restart Cognos.

  5. The warning should now be gone, and your Cognos server should be that much more secure.
How can I get help with this or other Cognos server related issues?

If you need help with your Cognos environment or have questions, please contact us at Senturus. We’re long-time Cognos experts and IBM partners. We know our way around Cognos and can help you with any questions or issues you might be experiencing, ease your migration and pitch in with expert staffing.

/