Welcome
Installing
Learn how to install the product.
Post installation tasks
After you install AppScan® Enterprise, complete these postinstallation tasks.
Support for FIPS 140-2 and NIST SP800-131a security standards
The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.
Enabling FIPS 140-2/NIST 800-131a compliance in the Enterprise Console
When FIPS 140-2 compliance is enabled in the Enterprise Console, some functionality that is not FIPS 140-2 compliant will not work as expected or will be disabled. By default, the Enterprise Console is compliant with the NIST 800-131a transition mode. When you run AppScan® Server Configuration Wizard, it will detect whether or not your environment is in NIST strict mode and will respect those settings.

Welcome
Welcome to the HCL AppScan Enterprise 10.11.0 documentation, where you can find information about how to install, maintain, and use HCL AppScan Enterprise.
Accessibility features for AppScan® Enterprise
Accessibility features assist users who have a disability, such as restricted mobility or limited vision, to use information technology content successfully.
Overview
Learn general information about the product.
Installing
Learn how to install the product.
- Planning the deployment and installation
  The configuration you use depends on a number of factors: what you plan to do with the software, how your organization and website or applications are structured, and how the information is to be distributed. Before you install the current release, review the information about hardware and software requirements, licensing, and other deployment considerations.
- Preinstallation tasks
  Before you install AppScan® Enterprise, you will need to prepare and configure your system.
- Installation tasks
  This section provides the instructions for installing AppScan® Enterprise.
- Installing HCL AppScan Enterprise in silent mode
  You can install AppScan Enterprise in silent mode on a target system, without any manual interventions, by running the executable command line that is programmed to automatically install or configure the package. The silent installation involves a non-interactive technique where parameters defined in these predefined command line validates and runs the installation steps automatically. After the installation and configuration, you can verify the installation error codes captured during the installation process in a log file.
- Post installation tasks
  After you install AppScan® Enterprise, complete these postinstallation tasks.
  - Postinstallation checklist
    After you install AppScan® Enterprise, review and complete all of the necessary tasks on the postinstallation checklist.
  - Verifying the agent service and alerting service installation
    During installation, two services were installed: the Agent Service and the Alert Service. You need to ensure that these services have been installed and are started. If the agent service is not started, any jobs that users create will not be picked up and run by the Server. If the alerting service is not started, any alerts that have been configured for users will not be issued. Make sure that only one instance of the alerting service is installed; otherwise, duplicate notifications might be sent out.
  - Configuring a basic user registry for the Liberty profile
  - Configuring AppScan Enterprise for IPv6
    AppScan Enterprise version 10.11.0 and later supports deployment in IPv6 environments. To make sure the Liberty server, the database, and scanning agents communicate properly, configure the Java Virtual Machine (JVM) settings and server configuration files manually after installation.
  - Securing the deployment
    Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
  - Support for FIPS 140-2 and NIST SP800-131a security standards
    The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.
    - Enabling FIPS 140-2/NIST 800-131a compliance in the Enterprise Console
      When FIPS 140-2 compliance is enabled in the Enterprise Console, some functionality that is not FIPS 140-2 compliant will not work as expected or will be disabled. By default, the Enterprise Console is compliant with the NIST 800-131a transition mode. When you run AppScan® Server Configuration Wizard, it will detect whether or not your environment is in NIST strict mode and will respect those settings.
    - Enabling FIPS 140-2 compliance on your operating system
      After you upgrade AppScan® Enterprise Server and the Dynamic Analysis Scanner, enable FIPS compliance on your operating system.
    - Enabling FIPS 140-2 on WebSphere Liberty Profile
      Use this procedure to enable FIPS 140-2 on WebSphere Liberty Profile.
  - Authenticating with the Common Access Card (CAC)
    The Common Access Card is the standard identification for active duty uniformed service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel in the United States. It is used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems. The CAC can be used for access into computers and networks that are equipped with various smart card readers. When it is inserted into the reader, the device asks the user for a PIN. This task helps you set up AppScan® Enterprise to allow CAC authentication over LDAP so that users can log in to AppScan Enterprise without providing a user name and password.
- Advanced installation scenarios
Upgrading and migrating
Learn how to upgrade the product.
Integrating
Learn how to integrate the product with other solutions.
DevOps
Learn how to extend the product with REST APIs and plugins.
Best practices
Learn best practices for using the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
Managing application risk
Follow this workflow to manage application security risks in your organization.
Troubleshooting and support
To help you understand, isolate, and resolve problems with your HCL® software, the troubleshooting and support information contains instructions for using the problem-determination resources that are provided with your HCL products.
Reference
Review reference information for the product.
Glossary

Enabling FIPS 140-2/NIST 800-131a compliance in the Enterprise Console

When FIPS 140-2 compliance is enabled in the Enterprise Console, some functionality that is not FIPS 140-2 compliant will not work as expected or will be disabled. By default, the Enterprise Console is compliant with the NIST 800-131a transition mode. When you run AppScan® Server Configuration Wizard, it will detect whether or not your environment is in NIST strict mode and will respect those settings.

About this task

User role: Product Administrator

Procedure

In the Enterprise Console, go to the General Settings page of the Administration view, and click Edit in the Enterprise Console Settings section.
By default, the check box in the Enable enhanced security section is cleared. Select the option if your organization must be compliant with FIPS 140-2 or NIST SP 800-131a.

Note:
Upon upgrade from version 8.7, the check box keeps the value it had before upgrade. If you were FIPS compliant, then this checkbox remains selected; otherwise, it remains cleared.
Click Done.