Home
Installing
Learn how to install the product.
Post installation tasks
After you install AppScan® Enterprise, complete these postinstallation tasks.
Support for FIPS 140-2 and NIST SP800-131a security standards
The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.

Installing
Learn how to install the product.
- Planning the deployment and installation
  The configuration you use depends on a number of factors: what you plan to do with the software, how your organization and website or applications are structured, and how the information is to be distributed. Before you install the current release, review the information about hardware and software requirements, licensing, and other deployment considerations.
- Preinstallation tasks
  Before you install AppScan® Enterprise, you will need to prepare and configure your system.
- Installation tasks
  This section provides the instructions for installing AppScan® Enterprise.
- Post installation tasks
  After you install AppScan® Enterprise, complete these postinstallation tasks.
  - Postinstallation checklist
    After you install AppScan® Enterprise, review and complete all of the necessary tasks on the postinstallation checklist.
  - Verifying the agent service and alerting service installation
    During installation, two services were installed: the Agent Service and the Alert Service. You need to ensure that these services have been installed and are started. If the agent service is not started, any jobs that users create will not be picked up and run by the Server. If the alerting service is not started, any alerts that have been configured for users will not be issued. Make sure that only one instance of the alerting service is installed; otherwise, duplicate notifications might be sent out.
  - Configuring a basic user registry for the Liberty profile
  - Securing the deployment
    Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
  - Support for FIPS 140-2 and NIST SP800-131a security standards
    The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.
    - Enabling FIPS 140-2/NIST 800-131a compliance in the Enterprise Console
      When FIPS 140-2 compliance is enabled in the Enterprise Console, some functionality that is not FIPS 140-2 compliant will not work as expected or will be disabled, including the Manual Explore plugin. By default, the Enterprise Console is compliant with the NIST 800-131a transition mode. When you run AppScan® Server Configuration Wizard, it will detect whether or not your environment is in NIST strict mode and will respect those settings.
    - Enabling FIPS 140-2 compliance on your operating system
      After you upgrade AppScan® Enterprise Server and the Dynamic Analysis Scanner, enable FIPS compliance on your operating system.
    - Enabling FIPS 140-2 or NIST SP800-131a on WebSphere Liberty Profile
      Use one of these procedures to enable FIPS 140-2 or NIST SP800-131a on WebSphere Liberty Profile.
    - Enabling NIST compliance on AppScan® Enterprise to work with SiteProtector™
      SP800-131a is a requirement that is originated by the National Institute of Standards and Technology (NIST) which requires longer key lengths and stronger cryptography. The specification also provides a transition configuration to enable users to move to a strict enforcement of SP800-131a. The transition configuration also enables users to run with a mixture of settings from both FIPS140-2 and SP800-131a. SP800-131a can be run in two modes: transition and strict. Out of the box, AppScan® Enterprise is compliant with NIST transition mode.
  - Authenticating with the Common Access Card (CAC)
    The Common Access Card is the standard identification for active duty uniformed service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel in the United States. It is used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems. The CAC can be used for access into computers and networks that are equipped with various smart card readers. When it is inserted into the reader, the device asks the user for a PIN. This task helps you set up AppScan® Enterprise to allow CAC authentication over LDAP so that users can log in to AppScan Enterprise without providing a user name and password.
- Advanced installation scenarios

Support for FIPS 140-2 and NIST SP800-131a security standards

The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.

Overview

Government agencies and financial institutions use these standards to ensure that their products conform to specified security requirements. Recently, new security standards have become available. The National Institute of Standards and Technology (NIST) developed a new standard, Special Publications 800-131a (or SP 800-131a), to replace the current FIPS standards (FIPS 140-2). NIST SP800-131a replaces FIPS 140-2. SP800-131a strengthens the algorithms and increases the key lengths to increase security, and provides both transition mode and strict mode.

FIPS 140-2

One of the standards published by NIST is the Federal Information Processing Standard Security Requirements for Cryptographic Modules, referred to as FIPS 140-2. FIPS 140-2 provides a standard that can be required by US federal agencies who specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Many US federal agencies can be configured to use this level, but might be required to move up to the newer SP800-131a standard. See The National Institute of Standards and Technology for more information about the 140-2 standard. AppScan® Enterprise is compliant with FIPS 140-2.

NIST SP800-131a

SP800-131a is a requirement originated by the National Institute of Standards and Technology (NIST) which requires longer key lengths and stronger cryptography. The specification also provides a transition configuration to enable US federal agencies to move to a strict enforcement of SP800-131a. The transition configuration also enables US federal agencies to run with a mixture of settings from both FIPS140-2 and SP800-131a. SP800-131a can be run in two modes: transition and strict. AppScan® Enterprise is compliant with NIST transition mode.