diff --git a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c
index 8b5a4c3abd49d69dbfc04cb35aa36dff7e45f92a..1f5e71981c6ab2a279e40523fa938acd6ba03159 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c
+++ b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c
@@ -257,6 +257,9 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config,
 int mme_api_get_emm_config(mme_api_emm_config_t *config)
 #endif
 {
+#if defined(EPC_BUILD)
+    int i;
+#endif
     LOG_FUNC_IN;
 
     config->gummei.plmn.MCCdigit1 = 2;
@@ -275,6 +278,10 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config)
     if (mme_config_p->unauthenticated_imsi_supported != 0) {
         config->features |= MME_API_UNAUTHENTICATED_IMSI;
     }
+    for (i = 0 ; i < 8; i++) {
+        config->prefered_integrity_algorithm[i] = mme_config_p->nas_config.prefered_integrity_algorithm[i];
+        config->prefered_ciphering_algorithm[i] = mme_config_p->nas_config.prefered_ciphering_algorithm[i];
+    }
 #else
     config->features = MME_API_EMERGENCY_ATTACH | MME_API_UNAUTHENTICATED_IMSI;
 #endif
diff --git a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h
index d01c00f4f2770a717b549325915feb9626147441..353a1416e06ec7023f8f166ff5bd245b813640e6 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h
+++ b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h
@@ -89,6 +89,8 @@ typedef enum mme_api_ip_version_e {
 typedef struct mme_api_emm_config_s {
     mme_api_feature_t features; /* Supported features           */
     gummei_t          gummei;   /* EPS Globally Unique MME Identity */
+    uint8_t           prefered_integrity_algorithm[8];// choice in NAS_SECURITY_ALGORITHMS_EIA0, etc
+    uint8_t           prefered_ciphering_algorithm[8];// choice in NAS_SECURITY_ALGORITHMS_EEA0, etc
 } mme_api_emm_config_t;
 
 /*
diff --git a/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c b/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c
index b7c49b27efa6ab420cf553adb13955555e56c2e0..0961f33a9082475ee861c6e19cb6c7325459d1f1 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c
+++ b/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c
@@ -382,18 +382,20 @@ int nas_message_decode(
         LOG_FUNC_RETURN (TLV_DECODE_BUFFER_TOO_SHORT);
     }
     else if (size > 1) {
+        if (emm_security_context) {
 #if defined(NAS_MME)
-    	if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
-    	    emm_security_context->ul_count.overflow += 1;
-    	}
-    	emm_security_context->ul_count.seq_num = msg->header.sequence_number;
+            if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
+                emm_security_context->ul_count.overflow += 1;
+            }
+            emm_security_context->ul_count.seq_num = msg->header.sequence_number;
 
 #else
-    	if (emm_security_context->dl_count.seq_num > msg->header.sequence_number) {
-    		emm_security_context->dl_count.overflow += 1;
-    	}
-    	emm_security_context->dl_count.seq_num = msg->header.sequence_number;
+            if (emm_security_context->dl_count.seq_num > msg->header.sequence_number) {
+                emm_security_context->dl_count.overflow += 1;
+            }
+            emm_security_context->dl_count.seq_num = msg->header.sequence_number;
 #endif
+        }
         /* Compute offset of the sequence number field */
         int offset = size - sizeof(UInt8_t);
         /* Compute the NAS message authentication code */
diff --git a/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c b/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c
index 2277bb9bd34074fbfd1e81bca85248186055c3f7..2246dc2d9859ecbbfe603fb998f8e731815d2635 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c
+++ b/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c
@@ -1127,36 +1127,33 @@ static int _security_select_algorithms(
 {
     LOG_FUNC_IN;
 
-    int rc            = RETURNerror;
-
-    /* TODO work with loaded preferences from config file */
-
-    if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA1)) {
-        LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EIA1");
-        *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA1;
-    } else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA2)) {
-        LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EIA2");
-        *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA2;
-    } else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA0)) {
-        LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EIA0");
-        *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
-    } else {
-        LOG_FUNC_RETURN (rc);
+    int rc                = RETURNerror;
+    int preference_index;
+
+    *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
+    *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0;
+
+    for (preference_index = 0; preference_index < 8; preference_index++) {
+        if (ue_eiaP & (0x80 >> _emm_data.conf.prefered_integrity_algorithm[preference_index])) {
+            LOG_TRACE(DEBUG,
+                    "Selected  NAS_SECURITY_ALGORITHMS_EIA%d (choice num %d)",
+                    _emm_data.conf.prefered_integrity_algorithm[preference_index],
+                    preference_index);
+            *mme_eiaP = _emm_data.conf.prefered_integrity_algorithm[preference_index];
+            break;
+        }
     }
 
-    if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA0)) {
-            LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EEA0");
-            *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0;
-    } else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA1)) {
-            LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EEA1");
-            *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA1;
-    } else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA2)) {
-        LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EEA2");
-        *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA2;
-    } else {
-        LOG_FUNC_RETURN (rc);
+    for (preference_index = 0; preference_index < 8; preference_index++) {
+        if (ue_eeaP & (0x80 >> _emm_data.conf.prefered_ciphering_algorithm[preference_index])) {
+            LOG_TRACE(DEBUG,
+                    "Selected  NAS_SECURITY_ALGORITHMS_EEA%d (choice num %d)",
+                    _emm_data.conf.prefered_ciphering_algorithm[preference_index],
+                    preference_index);
+            *mme_eeaP = _emm_data.conf.prefered_ciphering_algorithm[preference_index];
+            break;
+        }
     }
-
     LOG_FUNC_RETURN (RETURNok);
 }
 
diff --git a/openair-cn/UTILS/mme_config.c b/openair-cn/UTILS/mme_config.c
index 8cd1d3b48cd521b68d8494efcd01269cfd8fbab4..e955da5492bde1288683c337301c8292593d806b 100644
--- a/openair-cn/UTILS/mme_config.c
+++ b/openair-cn/UTILS/mme_config.c
@@ -331,6 +331,52 @@ static int config_parse_file(mme_config_t *mme_config_p)
                 free(cidr);
             }
         }
+
+        // NAS SETTING
+        setting = config_setting_get_member (setting_mme, MME_CONFIG_STRING_NAS_CONFIG);
+        if (setting != NULL) {
+            subsetting = config_setting_get_member (setting, MME_CONFIG_STRING_NAS_SUPPORTED_INTEGRITY_ALGORITHM_LIST);
+            if (subsetting != NULL) {
+                num     = config_setting_length(subsetting);
+                if (num <= 8) {
+                    for (i = 0; i < num; i++) {
+                        astring = config_setting_get_string_elem(subsetting, i);
+                        if (strcmp("EIA0", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+                        else if (strcmp("EIA1", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA1;
+                        else if (strcmp("EIA2", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA2;
+                        else if (strcmp("EIA3", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+                        else if (strcmp("EIA4", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+                        else if (strcmp("EIA5", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+                        else if (strcmp("EIA6", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+                        else if (strcmp("EIA7", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+                    }
+                    for (i = num; i < 8; i++) {
+                        mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+                    }
+                }
+            }
+            subsetting = config_setting_get_member (setting, MME_CONFIG_STRING_NAS_SUPPORTED_CIPHERING_ALGORITHM_LIST);
+            if (subsetting != NULL) {
+                num     = config_setting_length(subsetting);
+                if (num <= 8) {
+                    for (i = 0; i < num; i++) {
+                        astring = config_setting_get_string_elem(subsetting, i);
+                        if (strcmp("EEA0", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+                        else if (strcmp("EEA1", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA1;
+                        else if (strcmp("EEA2", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA2;
+                        else if (strcmp("EEA3", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+                        else if (strcmp("EEA4", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+                        else if (strcmp("EEA5", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+                        else if (strcmp("EEA6", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+                        else if (strcmp("EEA7", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+                    }
+                    for (i = num; i < 8; i++) {
+                        mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+                    }
+                }
+            }
+
+        }
     }
 
     setting = config_lookup(&cfg, SGW_CONFIG_STRING_SGW_CONFIG);
diff --git a/openair-cn/UTILS/mme_config.h b/openair-cn/UTILS/mme_config.h
index 400b85b3ef2422662dce6dfbf55a35c628b926a4..ad7fdbafaff96f70c86b8254059caf8cf4ebe495 100644
--- a/openair-cn/UTILS/mme_config.h
+++ b/openair-cn/UTILS/mme_config.h
@@ -76,6 +76,25 @@
 #define MME_CONFIG_STRING_ASN1_VERBOSITY_ANNOYING             "annoying"
 #define MME_CONFIG_STRING_ASN1_VERBOSITY_INFO                 "info"
 
+#define MME_CONFIG_STRING_NAS_CONFIG                    "NAS"
+#define MME_CONFIG_STRING_NAS_SUPPORTED_INTEGRITY_ALGORITHM_LIST  "ORDERED_SUPPORTED_INTEGRITY_ALGORITHM_LIST"
+#define MME_CONFIG_STRING_NAS_SUPPORTED_CIPHERING_ALGORITHM_LIST  "ORDERED_SUPPORTED_CIPHERING_ALGORITHM_LIST"
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA0    0b000
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA1    0b001
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA2    0b010
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA3    0b011
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA4    0b100
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA5    0b101
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA6    0b110
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA7    0b111
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA0    0b000
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA1    0b001
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA2    0b010
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA3    0b011
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA4    0b100
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA5    0b101
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA6    0b110
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA7    0b111
 
 typedef struct mme_config_s {
     /* Reader/writer lock for this configuration */
@@ -140,6 +159,12 @@ typedef struct mme_config_s {
         uint32_t  queue_size;
         char     *log_file;
     } itti_config;
+
+    struct {
+        uint8_t prefered_integrity_algorithm[8];
+        uint8_t prefered_ciphering_algorithm[8];
+    } nas_config;
+
 } mme_config_t;
 
 extern mme_config_t mme_config;