You can configure Rational® DOORS® Web Access to comply with
standards that are specified by the US Department of Commerce National
Institute of Standards and Technology (NIST) and National Security
Agency (NSA) to define security requirements for encryption.
The standards include Federal Information Processing Standards
(FIPS) publication 140-2, NIST Special Publication (SP) 800-131A,
and NSA Suite B.
- FIPS 140-2 requires that the Transport Layer Security (TLS) protocol
and the cryptographic modules are certified.
- NIST SP 800-131A requires stronger cryptographic algorithms and
key lengths that are used in FIPS 140-2 cryptographic modules.
- NSA Suite B requires TLS 1.2 protocol and cipher suites that are
configured with a minimum level of security of 128 bits by using ECDSA-256
and ECDSA-384.
Rational DOORS Web Access complies with these standards
by using these IBM® SDK Java™ Technology Edition Version
6 components:
- IBM 32-bit Runtime Environment for Windows Java Technology Edition Version 6
- IBM 32-bit Runtime Environment for Linux on Intel architecture Java Technology Edition Version 6
- IBM 64-bit Runtime Environment for Solaris Java Technology Edition Version 6
Update 10 and later of these Java runtime
components support FIPS 140-2 by using TLS 1.0 protocol. Update 12
and later are certified to support TLS versions 1.0, 1.1 and 1.2.
In addition, to ensure compliance, you must configure the server
and client browsers as follows:
Apache Tomcat server:
- Update system properties to specify compliance levels.
- Update the configuration file to specify Secure Sockets Layer
(SSL) protocols and cipher suites.
Client browser:
- Configure client browsers to submit requests by using the minimum
SSL protocol version.
SSL keystores:
- Update SSL certificates to meet the minimum encryption
strength requirements.
In addition to the following topics about configuring Rational
DOORS Web Access, see the technote Configuring the Rational DOORS database server and
client for compliance with NIST SP 800-131A.
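One way to check the Apache Tomcat step above before you restart the server, as an added example that is not IBM code: the script audits the SSL-enabled connectors in a `server.xml` for protocols and cipher suites outside a chosen compliance level. It assumes the standard Tomcat `SSLEnabled`, `sslEnabledProtocols` and `ciphers` connector attributes; the profile names, the sample connector and the Suite B cipher list (taken from RFC 6460) are assumptions that do not come from this page.

```python
import xml.etree.ElementTree as ET

# Suite B suite names are taken from RFC 6460 (not from this page), stored
# without the TLS_/SSL_ prefix because JSSE providers differ on the prefix.
SUITE_B = {"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
           "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}
# Hypothetical profile names; protocol sets follow the standards listed above.
PROFILES = {
    "fips140-2": {"protocols": {"TLSv1", "TLSv1.1", "TLSv1.2"}, "ciphers": None},
    "suiteb": {"protocols": {"TLSv1.2"}, "ciphers": SUITE_B},
}

def _items(value):
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def _bare(cipher):
    # Drop a leading TLS_ or SSL_ so both spellings compare equal.
    return cipher[4:] if cipher[:4] in ("TLS_", "SSL_") else cipher

def audit_connectors(server_xml, profile):
    """Return (port, finding) tuples for every SSL-enabled <Connector>."""
    rules, findings = PROFILES[profile], []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, out of scope
        port = conn.get("port", "?")
        protocols = _items(conn.get("sslEnabledProtocols"))
        if not protocols:
            findings.append((port, "sslEnabledProtocols unset, JVM defaults apply"))
        findings += [(port, f"protocol {p} not allowed") for p in protocols
                     if p not in rules["protocols"]]
        if rules["ciphers"] is not None:
            ciphers = _items(conn.get("ciphers"))
            if not ciphers:
                findings.append((port, "ciphers unset, JVM defaults apply"))
            findings += [(port, f"cipher {c} not allowed") for c in ciphers
                         if _bare(c) not in rules["ciphers"]]
    return findings

# Constructed sample connector, not a DOORS Web Access default.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="SSLv3,TLSv1.2"
             ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_RC4_128_SHA"/>
</Service></Server>"""

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE, "suiteb"):
        print(port, finding)
```

An empty result means that every SSL-enabled connector names only protocols and cipher suites that the selected profile allows; it does not confirm that the JVM system properties or the keystore certificates are compliant.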