You have answered this question as unmet. Please explain why SDC is using key length that are shorter than those recommended by NIST. If SDC's use of keys is compliant with this requirement, please change the answer to Met.

The security mechanisms within the software produced by the project MUST use default keylengths that at least meet the NIST minimum requirements through the year 2030 (as stated in 2012). It MUST be possible to configure the software so that smaller keylengths are completely disabled. (N/A allowed.)