Question & Answer
Question
What support does Rational ClearQuest provide for organizations wishing to comply with NIST SP 800-131A guidelines?
Cause
U.S. Government organizations might be required to support the NIST SP 800-131A guidelines (http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf). These guidelines place certain restrictions on the types of cryptographic algorithms that are used in application deployments.
Answer
If your organization must comply with NIST SP 800-131A guidelines, the following ClearQuest deployment configurations can help with compliance.
- Deploy ClearQuest version 8.0.1.1 or later.
- Configure ClearQuest to use enhanced cryptographic algorithms as recommended by the FIPS 140-2 guidelines. See FIPS 140-2 Approved Data Encryption.
- Host ClearQuest Web Server on an IBM WebSphere® Application Server (WAS) that has been configured to support the NIST SP 800-131A guidelines. See Configuring WAS for SP 800-131 Strict Mode and Configuring WAS for SP 800-131 Transition Mode. There is also a Rational ClearCase and ClearQuest technote that explains more about configuring WAS for NIST SP 800-131A. See Configuring TLS 1.2 in IHS and WAS for CCRC and CQ.
- ClearQuest LDAP authentication is used for conforming to the FIPS 140-2 guidelines. The connection between ClearQuest and the LDAP server should be configured to use a high level of the TLS protocol as recommended in the SP 800-131 guidelines, and as specified by your organization. See Configuring CQ for TLS1.2 or TLS1.1.
The following information can help you determine whether your ClearQuest deployment conforms to the NIST SP 800-131A guidelines:
- ClearQuest cryptographic keys adhere to a minimum key strength of 112 bits for FIPS 140-2 conforming deployments.
- ClearQuest does not provide digital signature capability as defined by the guidelines. Use of the ClearQuest eSignature package does not conform to the guidelines for a digital signature because it does not use digital certificates. The eSignature package should not be applied.
- ClearQuest uses an approved Java random number generator.
Document Information
Modified date: 16 June 2018
UID: swg21649580