United States government regulation compliance
Compliance with United States government security and information technology regulations helps provide a proof point to prospects worldwide that HCL® is working to make their products the most secure in the industry.
Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)
The DISA Application Security and Development Security Technical Implementation Guide (ASD STIG) is a set of security guidelines developed by the Defense Information Systems Agency (DISA) for securing applications and ensuring that secure coding practices are followed during the software development lifecycle (SDLC). This guide helps organizations comply with security best practices and requirements for application security and development in environments that handle sensitive or classified information, such as those within the U.S. Department of Defense (DoD).
AppScan 360° 1.6.0 supports the DISA STIG V6R1 report format.
To learn about the DISA Application Security and Development STIG, see https://public.cyber.mil/stigs/.
Federal Information Processing Standard (FIPS)
Federal Information Processing Standard (FIPS) is a United States government standard that defines the security requirements for cryptographic modules used in computer systems and other electronic devices. The standard outlines the criteria for the design, implementation, and operation of cryptographic modules to ensure that they provide adequate security for the protection of sensitive information.
AppScan 360° version 1.6.0 is FIPS 140-3 compliant.
Internet protocol interoperability for IPv4 and IPv6
Internet Protocol version (IPv) refers to different versions of the Internet Protocol (IP) used to route data across networks. The Internet Protocol is responsible for addressing and sending data packets between computers, devices, and networks over the internet or any other packet-switched network.
All AppScan 360° 1.6.0 components support both IPv6 and IPv4 even with both protocols enabled, as follows:

| Component | IPv4 only | IPv6 only | IPv4 and IPv6 concurrently |
|---|---|---|---|
| AppScan 360° central platform | Yes | Yes, but requires Kubernetes cluster networking to be configured with dual stack networking | Yes |
| Dynamic analysis (DAST) | Yes | Yes | Yes |
| Presence | Yes | Not tested | Not tested |
| Static Analysis (SAST) | Yes | Yes | Yes |
| AppScan Remediation Advisories | Yes | Yes | Yes |
Voluntary Product Accessibility Template (VPAT)
A VPAT, or Voluntary Product Accessibility Template, is a document that helps buyers and sellers assess the accessibility of Information and Communication Technology (ICT) products and services, ensuring compliance with standards like Section 508 of the Rehabilitation Act of 1973, the Web Content Accessibility Guidelines (WCAG), and EN 301 549.
The AppScan 360° Accessibility Compliance Report is available here.