Configuring Rational DOORS Web Access to comply with security standards

You can configure Rational® DOORS® Web Access to comply with standards that are specified by the US Department of Commerce National Institute of Standards and Technology (NIST) and National Security Agency (NSA) to define security requirements for encryption.

The standards include Federal Information Processing Standards (FIPS) publication 140-2, NIST Special Publication (SP) 800-131A, and NSA Suite B.
  • FIPS 140-2 requires that the Transport Layer Security (TLS) protocol and the cryptographic modules are certified.
  • NIST SP 800-131A requires stronger cryptographic algorithms and longer key lengths for use in FIPS 140-2 cryptographic modules.
  • NSA Suite B requires the TLS 1.2 protocol and cipher suites that are configured with a minimum level of security of 128 bits by using ECDSA-256 and ECDSA-384.
Rational DOORS Web Access complies with these standards by using these IBM® SDK Java™ Technology Edition Version 6 components:
  • IBM 32-bit Runtime Environment for Windows Java Technology Edition Version 6
  • IBM 32-bit Runtime Environment for Linux® on Intel architecture Java Technology Edition Version 6
Update 10 and later of these Java runtime components support FIPS 140-2 by using the TLS 1.0 protocol. Update 12 and later are certified to support TLS versions 1.0, 1.1, and 1.2.

In addition, to ensure compliance, you must configure the server and client browsers as follows:

Apache Tomcat server:
  • Update system properties to specify compliance levels.
  • Update the configuration file to specify Secure Sockets Layer (SSL) protocols and cipher suites.
Client browser:
  • Configure client browsers to submit requests by using the minimum SSL protocol version.
SSL keystores:
  • Update SSL certificates to meet the minimum encryption strength requirements.
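
One way to check the Tomcat side of this list after editing the configuration file, shown as an added example that is not IBM's code: the script audits each SSL-enabled Connector against the Suite B statement above (TLS 1.2 only, ECDSA cipher suites). The sample server.xml is constructed for illustration; `sslEnabledProtocols` and `ciphers` are the standard Tomcat Connector attributes, and the policy constants are assumptions to adjust for the compliance level you target.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml for illustration; not taken from the product.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
      sslEnabledProtocols="TLSv1,TLSv1.2"
      ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
      sslEnabledProtocols="TLSv1.2"
      ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"/>
  <Connector port="7443" SSLEnabled="true" scheme="https" secure="true"/>
</Service></Server>"""

ALLOWED_PROTOCOLS = {"TLSv1.2"}  # assumption: Suite B policy, TLS 1.2 only


def split_list(value):
    """Split a comma-separated attribute value, tolerating None and spaces."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_connectors(server_xml):
    """Return {port: [findings]} for each SSL-enabled Connector."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, out of scope for this check
        findings = []
        protocols = split_list(conn.get("sslEnabledProtocols"))
        ciphers = split_list(conn.get("ciphers"))
        if not protocols:
            findings.append("sslEnabledProtocols not set; runtime defaults apply")
        if not ciphers:
            findings.append("ciphers not set; runtime defaults apply")
        findings += [f"protocol {p} not allowed" for p in protocols
                     if p not in ALLOWED_PROTOCOLS]
        findings += [f"cipher {c} does not use ECDSA" for c in ciphers
                     if "_ECDSA_" not in c]
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

A connector that leaves either attribute unset is reported rather than passed, because the protocols and cipher suites it offers then depend on the Java runtime defaults.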

In addition to the following topics about configuring Rational DOORS Web Access, see the technote Configuring the Rational DOORS database server and client for compliance with NIST SP 800-131A.