Home
Installing
Learn how to install the product.
Post installation tasks
After you install AppScan® Enterprise, complete these postinstallation tasks.
Support for FIPS 140-2 and NIST SP800-131a security standards
The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.
Enabling FIPS 140-2/NIST 800-131a compliance in the Enterprise Console
When FIPS 140-2 compliance is enabled in the Enterprise Console, some functionality that is not FIPS 140-2 compliant will not work as expected or will be disabled. By default, the Enterprise Console is compliant with the NIST 800-131a transition mode. When you run AppScan® Server Configuration Wizard, it will detect whether or not your environment is in NIST strict mode and will respect those settings.

Installing
Learn how to install the product.
- Planning the deployment and installation
  The configuration you use depends on a number of factors: what you plan to do with the software, how your organization and website or applications are structured, and how the information is to be distributed. Before you install the current release, review the information about hardware and software requirements, licensing, and other deployment considerations.
- Preinstallation tasks
  Before you install AppScan® Enterprise, you will need to prepare and configure your system.
- Installation tasks
  This section provides the instructions for installing AppScan® Enterprise.
- Post installation tasks
  After you install AppScan® Enterprise, complete these postinstallation tasks.
  - Postinstallation checklist
    After you install AppScan® Enterprise, review and complete all of the necessary tasks on the postinstallation checklist.
  - Verifying the agent service and alerting service installation
    During installation, two services were installed: the Agent Service and the Alert Service. You need to ensure that these services have been installed and are started. If the agent service is not started, any jobs that users create will not be picked up and run by the Server. If the alerting service is not started, any alerts that have been configured for users will not be issued. Make sure that only one instance of the alerting service is installed; otherwise, duplicate notifications might be sent out.
  - Configuring a basic user registry for the Liberty profile
  - Securing the deployment
    Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
  - Support for FIPS 140-2 and NIST SP800-131a security standards
    The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.
    - Enabling FIPS 140-2/NIST 800-131a compliance in the Enterprise Console
      When FIPS 140-2 compliance is enabled in the Enterprise Console, some functionality that is not FIPS 140-2 compliant will not work as expected or will be disabled. By default, the Enterprise Console is compliant with the NIST 800-131a transition mode. When you run AppScan® Server Configuration Wizard, it will detect whether or not your environment is in NIST strict mode and will respect those settings.
    - Enabling FIPS 140-2 compliance on your operating system
      After you upgrade AppScan® Enterprise Server and the Dynamic Analysis Scanner, enable FIPS compliance on your operating system.
    - Enabling FIPS 140-2 or NIST SP800-131a on WebSphere Liberty Profile
      Use one of these procedures to enable FIPS 140-2 or NIST SP800-131a on WebSphere Liberty Profile.
  - Authenticating with the Common Access Card (CAC)
    The Common Access Card is the standard identification for active duty uniformed service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel in the United States. It is used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems. The CAC can be used for access into computers and networks that are equipped with various smart card readers. When it is inserted into the reader, the device asks the user for a PIN. This task helps you set up AppScan® Enterprise to allow CAC authentication over LDAP so that users can log in to AppScan Enterprise without providing a user name and password.
- Advanced installation scenarios

Enabling FIPS 140-2/NIST 800-131a compliance in the Enterprise Console

When FIPS 140-2 compliance is enabled in the Enterprise Console, some functionality that is not FIPS 140-2 compliant will not work as expected or will be disabled. By default, the Enterprise Console is compliant with the NIST 800-131a transition mode. When you run AppScan® Server Configuration Wizard, it will detect whether or not your environment is in NIST strict mode and will respect those settings.

About this task

User role: Product Administrator

Procedure

In the Enterprise Console, go to the General Settings page of the Administration view, and click Edit in the Enterprise Console Settings section.
By default, the check box in the Enable enhanced security section is cleared. Select the option if your organization must be compliant with FIPS 140-2 or NIST SP 800-131a.

Note: Upon upgrade from version 8.7, the check box keeps the value it had before upgrade. If you were FIPS compliant, then this checkbox remains selected; otherwise, it remains cleared.
Click Done.