diff --git a/hal_st/middlewares/STM32_WPAN/STM32CubeWB/ble/core/ble_defs.h b/hal_st/middlewares/STM32_WPAN/STM32CubeWB/ble/core/ble_defs.h
index 860f5f4f..d5beda62 100644
--- a/hal_st/middlewares/STM32_WPAN/STM32CubeWB/ble/core/ble_defs.h
+++ b/hal_st/middlewares/STM32_WPAN/STM32CubeWB/ble/core/ble_defs.h
@@ -499,6 +499,12 @@
 #define AUTHORIZATION_NOT_REQUIRED                 0x00U
 #define AUTHORIZATION_REQUIRED                     0x01U
 
+/* Secure Connections Support
+ */
+#define SECURE_NOT_SUPPORTED                       0x00
+#define SECURE_OPTIONAL                            0x01
+#define SECURE_MANDATORY                           0x02
+
 /* Connection authorization
  */
 #define CONNECTION_AUTHORIZED                      0x01U
diff --git a/hal_st/middlewares/ble_middleware/GapCentralSt.cpp b/hal_st/middlewares/ble_middleware/GapCentralSt.cpp
index e90bf08d..cc985f38 100644
--- a/hal_st/middlewares/ble_middleware/GapCentralSt.cpp
+++ b/hal_st/middlewares/ble_middleware/GapCentralSt.cpp
@@ -291,7 +291,8 @@ namespace hal
         aci_gatt_update_char_value(gapServiceHandle, gapAppearanceCharHandle, 0, sizeof(gapService.appearance), reinterpret_cast<const uint8_t*>(&gapService.appearance));
 
         SetIoCapabilities(services::GapPairing::IoCapabilities::none);
-        SetSecurityMode(services::GapPairing::SecurityMode::mode1, services::GapPairing::SecurityLevel::level1);
+        SetManInTheMiddleMode(services::GapPairing::ManInTheMiddleMode::disabled);
+        SetSecureConnectionMode(services::GapPairing::SecureConnectionMode::disabled);
         hci_le_set_default_phy(allPhys, speed2Mbps, speed2Mbps);
     }
 
diff --git a/hal_st/middlewares/ble_middleware/GapPeripheralSt.cpp b/hal_st/middlewares/ble_middleware/GapPeripheralSt.cpp
index 6e456b24..6b10712b 100644
--- a/hal_st/middlewares/ble_middleware/GapPeripheralSt.cpp
+++ b/hal_st/middlewares/ble_middleware/GapPeripheralSt.cpp
@@ -183,7 +183,8 @@ namespace hal
         aci_gatt_update_char_value(gapServiceHandle, gapAppearanceCharHandle, 0, sizeof(gapService.appearance), reinterpret_cast<const uint8_t*>(&gapService.appearance));
 
         SetIoCapabilities(services::GapPairing::IoCapabilities::none);
-        SetSecurityMode(services::GapPairing::SecurityMode::mode1, services::GapPairing::SecurityLevel::level1);
+        SetManInTheMiddleMode(services::GapPairing::ManInTheMiddleMode::disabled);
+        SetSecureConnectionMode(services::GapPairing::SecureConnectionMode::disabled);
 
         hci_le_write_suggested_default_data_length(services::GapConnectionParameters::connectionInitialMaxTxOctets, services::GapConnectionParameters::connectionInitialMaxTxTime);
         hci_le_set_default_phy(allPhys, speed2Mbps, speed2Mbps);
diff --git a/hal_st/middlewares/ble_middleware/GapSt.cpp b/hal_st/middlewares/ble_middleware/GapSt.cpp
index b0a96755..f8a5ac73 100644
--- a/hal_st/middlewares/ble_middleware/GapSt.cpp
+++ b/hal_st/middlewares/ble_middleware/GapSt.cpp
@@ -1,5 +1,6 @@
 #include "hal_st/middlewares/ble_middleware/GapSt.hpp"
 #include "ble_gap_aci.h"
+#include "ble_types.h"
 #include "services/ble/Gap.hpp"
 
 namespace hal
@@ -96,21 +97,49 @@ namespace hal
         aci_gap_send_pairing_req(connectionContext.connectionHandle, NO_BONDING);
     }
 
-    void GapSt::SetSecurityMode(services::GapPairing::SecurityMode mode, services::GapPairing::SecurityLevel level)
+    void GapSt::SetManInTheMiddleMode(services::GapPairing::ManInTheMiddleMode mitmMode)
     {
-        assert(mode == services::GapPairing::SecurityMode::mode1);
+        auto selectedMitmMode = this->mitmMode;
+        switch (mitmMode)
+        {
+            case services::GapPairing::ManInTheMiddleMode::disabled:
+                selectedMitmMode = MITM_PROTECTION_NOT_REQUIRED;
+                break;
+            case services::GapPairing::ManInTheMiddleMode::supported:
+                selectedMitmMode = MITM_PROTECTION_NOT_REQUIRED;
+                break;
+            case services::GapPairing::ManInTheMiddleMode::enforced:
+                selectedMitmMode = MITM_PROTECTION_REQUIRED;
+                break;
+            default:
+                std::abort();
+        }
+        this->mitmMode = selectedMitmMode;
+
+        aci_gap_set_authentication_requirement(bondingMode, this->mitmMode, this->secureConnectionSupport, keypressNotificationSupport, 16, 16, 0, 111111, GAP_PUBLIC_ADDR);
+    }
 
-        enum class SecureConnection : uint8_t
+    void GapSt::SetSecureConnectionMode(services::GapPairing::SecureConnectionMode connectionMode)
+    {
+        auto selectedConnectionMode = this->secureConnectionSupport;
+        switch (connectionMode)
         {
-            notSupported = 0,
-            optional = 1,
-            mandatory
-        };
+            case services::GapPairing::SecureConnectionMode::disabled:
+                selectedConnectionMode = SECURE_NOT_SUPPORTED;
+                break;
+            case services::GapPairing::SecureConnectionMode::supported:
+                selectedConnectionMode = SECURE_OPTIONAL;
+                break;
+            case services::GapPairing::SecureConnectionMode::enforced:
+                selectedConnectionMode = SECURE_MANDATORY;
+                break;
+            default:
+                std::abort();
+        }
 
-        SecureConnection secureConnectionSupport = (level == services::GapPairing::SecurityLevel::level4) ? SecureConnection::mandatory : SecureConnection::optional;
-        uint8_t mitmMode = (level == services::GapPairing::SecurityLevel::level3 || level == services::GapPairing::SecurityLevel::level4) ? 1 : 0;
+        this->secureConnectionSupport = selectedConnectionMode;
 
-        aci_gap_set_authentication_requirement(bondingMode, mitmMode, static_cast<uint8_t>(secureConnectionSupport), keypressNotificationSupport, 16, 16, 0, 111111, GAP_PUBLIC_ADDR);
+        aci_gap_set_authentication_requirement(bondingMode, this->mitmMode, this->secureConnectionSupport, keypressNotificationSupport, 16, 16, 0, 111111, GAP_PUBLIC_ADDR);
     }
 
     void GapSt::SetIoCapabilities(services::GapPairing::IoCapabilities caps)
diff --git a/hal_st/middlewares/ble_middleware/GapSt.hpp b/hal_st/middlewares/ble_middleware/GapSt.hpp
index 9eb273b5..32557ded 100644
--- a/hal_st/middlewares/ble_middleware/GapSt.hpp
+++ b/hal_st/middlewares/ble_middleware/GapSt.hpp
@@ -2,11 +2,13 @@
 #define HAL_ST_GAP_ST_HPP
 
 #include "ble/ble.h"
+#include "ble_defs.h"
 #include "hal_st/middlewares/ble_middleware/HciEventObserver.hpp"
 #include "infra/util/BoundedString.hpp"
 #include "services/ble/BondStorageSynchronizer.hpp"
 #include "services/ble/Gap.hpp"
 #include "services/ble/Gatt.hpp"
+#include <cstdint>
 
 namespace hal
 {
@@ -49,8 +51,11 @@ namespace hal
 
         // Implementation of GapPairing
         void Pair() override;
-        void SetSecurityMode(services::GapPairing::SecurityMode mode, services::GapPairing::SecurityLevel level) override;
-        void SetIoCapabilities(services::GapPairing::IoCapabilities caps) override;
+
+        void SetManInTheMiddleMode(ManInTheMiddleMode mitmMode) override;
+        void SetSecureConnectionMode(SecureConnectionMode connectionMode) override;
+
+        void SetIoCapabilities(IoCapabilities caps) override;
         void AuthenticateWithPasskey(uint32_t passkey) override;
         void NumericComparisonConfirm(bool accept) override;
 
@@ -60,17 +65,17 @@ namespace hal
         virtual void HandleHciDisconnectEvent(hci_event_pckt& eventPacket);
 
         virtual void HandleHciLeConnectionCompleteEvent(evt_le_meta_event* metaEvent);
-        virtual void HandleHciLeAdvertisingReportEvent(evt_le_meta_event* metaEvent){};
-        virtual void HandleHciLeConnectionUpdateCompleteEvent(evt_le_meta_event* metaEvent){};
-        virtual void HandleHciLeDataLengthChangeEvent(evt_le_meta_event* metaEvent){};
-        virtual void HandleHciLePhyUpdateCompleteEvent(evt_le_meta_event* metaEvent){};
+        virtual void HandleHciLeAdvertisingReportEvent(evt_le_meta_event* metaEvent) {};
+        virtual void HandleHciLeConnectionUpdateCompleteEvent(evt_le_meta_event* metaEvent) {};
+        virtual void HandleHciLeDataLengthChangeEvent(evt_le_meta_event* metaEvent) {};
+        virtual void HandleHciLePhyUpdateCompleteEvent(evt_le_meta_event* metaEvent) {};
         virtual void HandleHciLeEnhancedConnectionCompleteEvent(evt_le_meta_event* metaEvent);
 
         virtual void HandlePairingCompleteEvent(evt_blecore_aci* vendorEvent);
         virtual void HandleBondLostEvent(evt_blecore_aci* vendorEvent);
-        virtual void HandleGapProcedureCompleteEvent(evt_blecore_aci* vendorEvent){};
-        virtual void HandleGattCompleteEvent(evt_blecore_aci* vendorEvent){};
-        virtual void HandleL2capConnectionUpdateRequestEvent(evt_blecore_aci* vendorEvent){};
+        virtual void HandleGapProcedureCompleteEvent(evt_blecore_aci* vendorEvent) {};
+        virtual void HandleGattCompleteEvent(evt_blecore_aci* vendorEvent) {};
+        virtual void HandleL2capConnectionUpdateRequestEvent(evt_blecore_aci* vendorEvent) {};
         virtual void HandleMtuExchangeResponseEvent(evt_blecore_aci* vendorEvent);
 
         void SetAddress(const MacAddress& address, services::GapDeviceAddressType addressType);
@@ -104,14 +109,14 @@ namespace hal
 
         const uint8_t ioCapability = IO_CAP_NO_INPUT_NO_OUTPUT;
         const uint8_t bondingMode = BONDING;
-        const uint8_t mitmMode = MITM_PROTECTION_NOT_REQUIRED;
-        const uint8_t secureConnectionSupport = 0x01; /* Secure Connections Pairing supported but optional */
         const uint8_t keypressNotificationSupport = KEYPRESS_SUPPORTED;
         static constexpr uint8_t maxNumberOfBonds = 10;
 
     private:
         services::BondStorageSynchronizer& bondStorageSynchronizer;
         uint16_t maxAttMtu = defaultMaxAttMtuSize;
+        uint8_t mitmMode = MITM_PROTECTION_NOT_REQUIRED;
+        uint8_t secureConnectionSupport = SECURE_OPTIONAL;
     };
 }
 
diff --git a/hal_st/middlewares/ble_middleware/TracingGapCentralSt.cpp b/hal_st/middlewares/ble_middleware/TracingGapCentralSt.cpp
index 0f4b30ea..20462e0c 100644
--- a/hal_st/middlewares/ble_middleware/TracingGapCentralSt.cpp
+++ b/hal_st/middlewares/ble_middleware/TracingGapCentralSt.cpp
@@ -93,10 +93,16 @@ namespace hal
         GapCentralSt::Pair();
     }
 
-    void TracingGapCentralSt::SetSecurityMode(services::GapPairing::SecurityMode mode, services::GapPairing::SecurityLevel level)
+    void TracingGapCentralSt::SetManInTheMiddleMode(services::GapPairing::ManInTheMiddleMode mitmMode)
     {
-        tracer.Trace() << "TracingGapCentralSt::SetSecurityMode";
-        GapCentralSt::SetSecurityMode(mode, level);
+        tracer.Trace() << "TracingGapCentralSt::SetManInTheMiddleMode";
+        GapCentralSt::SetManInTheMiddleMode(mitmMode);
+    }
+
+    void TracingGapCentralSt::SetSecureConnectionMode(services::GapPairing::SecureConnectionMode connectionMode)
+    {
+        tracer.Trace() << "TracingGapCentralSt::SetSecureConnectionMode";
+        GapCentralSt::SetSecureConnectionMode(connectionMode);
     }
 
     void TracingGapCentralSt::SetIoCapabilities(services::GapPairing::IoCapabilities caps)
diff --git a/hal_st/middlewares/ble_middleware/TracingGapCentralSt.hpp b/hal_st/middlewares/ble_middleware/TracingGapCentralSt.hpp
index 3ee4afc2..ac6dc574 100644
--- a/hal_st/middlewares/ble_middleware/TracingGapCentralSt.hpp
+++ b/hal_st/middlewares/ble_middleware/TracingGapCentralSt.hpp
@@ -29,7 +29,9 @@ namespace hal
 
         // Implementation of GapPairing
         void Pair() override;
-        void SetSecurityMode(services::GapPairing::SecurityMode mode, services::GapPairing::SecurityLevel level) override;
+
+        void SetManInTheMiddleMode(services::GapPairing::ManInTheMiddleMode mitmMode) override;
+        void SetSecureConnectionMode(services::GapPairing::SecureConnectionMode connectionMode) override;
         void SetIoCapabilities(services::GapPairing::IoCapabilities caps) override;
         void AuthenticateWithPasskey(uint32_t passkey) override;
         void NumericComparisonConfirm(bool accept) override;