United States government regulation compliance
Compliance with United States government security and information technology regulations help to remove sales impediments and roadblocks. It also provides a proof point to prospects worldwide that HCL® is working to make their products the most secure in the industry. This topic lists the standards and guidelines that AppScan® Source supports.
- Internet Protocol Version 6 (IPv6)
- Federal Information Processing Standard (FIPS)
- National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a
- Windows machines that are configured to use the United States Government Configuration Baseline (USGCB)
Internet Protocol Version 6 (IPv6)
AppScan Source is enabled for IPv6, with these exceptions:
- Inputting IPv6 numerical addresses is not supported and a host name must be entered instead. Inputting IPv4 numerical addresses is supported.
- IPv6 is not supported when connecting to Rational Team Concert™.
Federal Information Processing Standard (FIPS)
On Windows™ and Linux™ platforms that are supported by AppScan Source, AppScan Source supports FIPS Publication 140-2, by using a FIPS 140-2 validated cryptographic module and approved algorithms.
To learn background information about AppScan Source FIPS compliance - and to learn how to enable and disable AppScan Source FIPS 140-2 mode, see these technotes:
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a
NIST SP 800-131A guidelines provide cryptographic key management guidance. These guidelines include:
- Key management procedures.
- How to use cryptographic algorithms.
- Algorithms to use and their minimum strengths.
- Key lengths for secure communications.
Government agencies and financial institutions use the NIST SP 800-131A guidelines to ensure that the products conform to specified security requirements.
NIST SP 800-131A is supported only when AppScan Source is operating in FIPS 140-2 mode. To learn about enabling and disabling AppScan Source FIPS 140-2 mode, see Federal Information Processing Standard (FIPS).
- If you are not installing the AppScan
Source
Database (for example, you are only installing
client components), you can force Transport Layer Security V1.2 by modifying
<data_dir>\config\ounce.ozsettings (where <data_dir> is the location of your
AppScan
Source program data, as described in Installation and user data file locations)). In this file, locate this
setting:
<Setting name="tls_protocol_version" read_only="false" default_value="0" value="0" description="Minor Version of the TLS Connection Protocol" type="text" display_name="TLS Protocol Version" display_name_id="" available_values="0:1:2" hidden="false" force_upgrade="false" />
In the setting, change
value="0"
tovalue="2"
and then save the file. - If you are installing the AppScan Source Database, you force Transport Layer Security V1.2 in the HCL® AppScan Enterprise Server Database Configuration tool after installing both AppScan Source and the Enterprise Server.
Windows machines that are configured to use the United States Government Configuration Baseline (USGCB)
AppScan Source supports scanning applications on Windows machines that are configured with the USGCB specification.