You can configure Rational® DOORS® Web Access to comply with
standards that are specified by the US Department of Commerce National
Institute of Standards and Technology (NIST) and National Security
Agency (NSA) to define security requirements for encryption.
The standards include Federal Information Processing Standards
(FIPS) publication 140-2, NIST Special Publication (SP) 800-131a,
and NSA Suite B.
- FIPS 140-2 requires that the Transport Layer Security (TLS) protocol
and the cryptographic modules are certified.
- SP800-131a requires stronger cryptographic algorithms and key
lengths that are used in FIPS 140-2 cryptographic modules.
- Suite B requires TLS v1.2 and cipher suites that are configured
with a minimum level of security of 128 by using ECDSA-256 and ECDSA-384.
Rational DOORS Web Access complies with these standards
by using these IBM® SDK Java™ Technology Edition Version
6 components:
- IBM 32-bit Runtime Environment for Windows Java Technology Edition Version 6
- IBM 32-bit Runtime Environment for Linux on Intel architecture Java Technology Edition Version 6
- IBM 64-bit Runtime Environment for Solaris Java Technology Edition Version 6
Update 10 and later of these Java runtime
components support FIPS 140-2 by using TLS 1.0. Update 12 and later
are certified to support TLS versions 1.0, 1.1 and 1.2.
In addition, to ensure compliance, you must configure the server
and client browsers as follows:
Apache Tomcat server:
- Update system properties to specify compliance levels.
- Update the configuration file to specify Secure Sockets Layer
(SSL) protocols and cipher suites.
Client browser:
- Configure client browsers to submit requests by using the minimum
SSL protocol version.
SSL keystores:
- Update SSL certificates to meet the minimum encryption
strength requirements.
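One way to check the Apache Tomcat step above is to audit the connector configuration for protocols and cipher suites outside the Suite B profile. This is an added example, not IBM's code: it assumes the connectors use the standard Tomcat attributes `SSLEnabled`, `sslEnabledProtocols` and `ciphers`, takes the two Suite B cipher suites from RFC 6460, and runs on a constructed `server.xml`.

```python
import xml.etree.ElementTree as ET

# Suite B cipher suites for TLS 1.2 as listed in RFC 6460.
SUITE_B = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
}
ALLOWED_PROTOCOLS = {"TLSv1.2"}

# Constructed sample, not taken from a DOORS Web Access installation.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1,TLSv1.2"
               ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_RC4_128_SHA"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1.2"
               ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"/>
  </Service>
</Server>"""

def _split(value):
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def _normalize(name):
    # Assumption: IBM JSSE may list a suite with an SSL_ prefix; treat it as TLS_.
    return "TLS_" + name[4:] if name.startswith("SSL_") else name

def audit_connectors(server_xml):
    """Return {port: [findings]} for every TLS-enabled Connector."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not a TLS connector, out of scope for this check
        protocols = _split(conn.get("sslEnabledProtocols"))
        ciphers = _split(conn.get("ciphers"))
        findings = []
        if not protocols:
            findings.append("sslEnabledProtocols not set: JVM defaults apply")
        findings += [f"protocol not allowed: {p}" for p in protocols
                     if p not in ALLOWED_PROTOCOLS]
        if not ciphers:
            findings.append("ciphers not set: JVM defaults apply")
        findings += [f"cipher not in Suite B list: {c}" for c in ciphers
                     if _normalize(c) not in SUITE_B]
        report[conn.get("port")] = findings
    return report
```

An empty findings list for a port means that every protocol and cipher suite named on that connector is inside the profile; it says nothing about the certificate in the keystore, which is checked separately.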
In addition to the following topics about configuring Rational
DOORS Web Access, see the technote "Configuring the Rational DOORS database server and
client for compliance with NIST SP800-131a".