United States government regulation compliance
Compliance with United States government security and information technology regulations help to remove sales impediments and roadblocks. It also provides a proof point to prospects worldwide that HCL® is working to make their products the most secure in the industry. This topic lists the standards and guidelines that AppScan® Source supports.
- Internet Protocol Version 6 (IPv6)
- Federal Information Processing Standard (FIPS)
- National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a
- Windows 7 machines that are configured to use the United States Government Configuration Baseline (USGCB)
Internet Protocol Version 6 (IPv6)
AppScan Source is enabled for IPv6, with these exceptions:
- Inputting IPv6 numerical addresses is not supported and a host name must be entered instead. Inputting IPv4 numerical addresses is supported.
- IPv6 is not supported when connecting to Rational Team Concert™.
Federal Information Processing Standard (FIPS)
On Windows™ and Linux™ platforms that are supported by AppScan Source, AppScan Source supports FIPS Publication 140-2, by using a FIPS 140-2 validated cryptographic module and approved algorithms. On macOS platforms that are supported by AppScan Source, manual steps are needed to operate in FIPS 140-2 mode.
To learn background information about AppScan Source FIPS compliance - and to learn how to enable and disable AppScan Source FIPS 140-2 mode, see these technotes:
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a
NIST SP 800-131A guidelines provide cryptographic key management guidance. These guidelines include:
- Key management procedures.
- How to use cryptographic algorithms.
- Algorithms to use and their minimum strengths.
- Key lengths for secure communications.
Government agencies and financial institutions use the NIST SP 800-131A guidelines to ensure that the products conform to specified security requirements.
NIST SP 800-131A is supported only when AppScan Source is operating in FIPS 140-2 mode. To learn about enabling and disabling AppScan Source FIPS 140-2 mode, see Federal Information Processing Standard (FIPS).
- If you are not installing the AppScan
Source
Database (for example, you are only installing
client components), you can force Transport Layer Security V1.2 by modifying
<data_dir>\config\ounce.ozsettings (where <data_dir> is the location of your
AppScan
Source program data, as described in Installation and user data file locations)). In this file, locate this
setting:
<Setting name="tls_protocol_version" read_only="false" default_value="0" value="0" description="Minor Version of the TLS Connection Protocol" type="text" display_name="TLS Protocol Version" display_name_id="" available_values="0:1:2" hidden="false" force_upgrade="false" />
In the setting, change
value="0"
tovalue="2"
and then save the file. - If you are installing the AppScan Source Database, you force Transport Layer Security V1.2 in the HCL® AppScan Enterprise Server Database Configuration tool after installing both AppScan Source and the Enterprise Server.
Windows 7 machines that are configured to use the United States Government Configuration Baseline (USGCB)
AppScan Source supports scanning applications on Windows 7 machines that are configured with the USGCB specification.