Enabling FIPS 140-2/NIST 800-131a compliance in the Enterprise Console

When FIPS 140-2 compliance is enabled in the Enterprise Console, some functionality that is not FIPS 140-2 compliant, including the Manual Explore plugin, does not work as expected or is disabled. By default, the Enterprise Console is compliant with the NIST 800-131a transition mode. When you run the AppScan® Server Configuration Wizard, it detects whether your environment is in NIST strict mode and respects those settings.

About this task

User role: Product Administrator

Procedure

  1. In the Enterprise Console, go to the General Settings page of the Administration view, and click Edit in the Enterprise Console Settings section.
  2. By default, the check box in the Enable enhanced security section is cleared. Select the check box if your organization must be compliant with FIPS 140-2 or NIST SP 800-131a. When the option is selected, use the Manual Explorer tool, rather than the Manual Explore plugin, to manually explore your application for additional URLs. See "Manually exploring your site to add more URLs to the scan" to learn how to download and use the tool.
    Note: Upon upgrade from version 8.7, the check box keeps the value it had before the upgrade. If you were FIPS compliant, then this check box remains selected; otherwise, it remains cleared.
  3. Click Done.