The National Institute of Standards and Technology (NIST)
is the US federal technology agency that works with industry to develop
and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured
to work with various security standards to meet security requirements
required by the US government.
Overview
Government agencies and
financial
institutions use these standards to ensure that their products conform
to specified security requirements. Recently, new security standards
have become available. The National Institute of Standards and Technology
(NIST) developed a new standard, Special Publications 800-131a (or
SP 800-131a), to replace the current FIPS standards (FIPS 140-2).
NIST SP800-131a replaces FIPS 140-2. SP800-131a strengthens the algorithms
and increases the key lengths to increase security, and provides both
transition mode and strict mode.
FIPS
140-2
One of the standards published by
NIST is the Federal Information Processing Standard Security Requirements
for Cryptographic Modules, referred to as FIPS 140-2. FIPS 140-2 provides
a standard that can be required by US federal agencies who specify
that cryptographic-based security systems are to be used to provide
protection for sensitive or valuable data. Many US federal agencies
can be configured to use this level, but might be required to move
up to the newer SP800-131a standard. See The
National Institute of Standards and Technology for more information
about the 140-2 standard. AppScan Enterprise
is compliant with FIPS 140-2.NIST SP800-131a
SP800-131a
is a requirement
originated by the National Institute of Standards and Technology (NIST)
which requires longer key lengths and stronger cryptography. The specification
also provides a transition configuration to enable US federal agencies
to move to a strict enforcement of SP800-131a. The transition configuration
also enables US federal agencies to run with a mixture of settings
from both FIPS140-2 and SP800-131a. SP800-131a can be run in two modes:
transition and strict. AppScan Enterprise
is compliant with NIST transition mode.