Support for FIPS 140-2 and NIST SP800-131a security standards

The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet the security requirements set by the US government.

Overview

Government agencies and financial institutions use these standards to ensure that their products conform to specified security requirements. Recently, new security standards have become available. The National Institute of Standards and Technology (NIST) developed a new standard, Special Publication 800-131a (SP 800-131a), to replace the current FIPS standard (FIPS 140-2). SP800-131a strengthens the permitted algorithms and increases the minimum key lengths to raise the level of security, and it provides both a transition mode and a strict mode.

FIPS 140-2

One of the standards published by NIST is the Federal Information Processing Standard 140-2, Security Requirements for Cryptographic Modules, referred to as FIPS 140-2. FIPS 140-2 provides a standard that US federal agencies can require when they specify that cryptographic-based security systems are to be used to protect sensitive or valuable data. Many US federal agencies operate at this level, but might be required to move up to the newer SP800-131a standard. See The National Institute of Standards and Technology for more information about the 140-2 standard. AppScan® Enterprise is compliant with FIPS 140-2.

NIST SP800-131a

SP800-131a is a standard published by the National Institute of Standards and Technology (NIST) that requires longer key lengths and stronger cryptography. The specification also defines a transition configuration that lets US federal agencies move gradually to strict enforcement of SP800-131a; in the transition configuration, an agency can run with a mixture of settings from both FIPS 140-2 and SP800-131a. SP800-131a can therefore be run in two modes: transition and strict. AppScan® Enterprise is compliant with NIST SP800-131a transition mode.