Running in a Federal Information Processing Standards (FIPS) environment
FIPS is a set of standards and guidelines for cryptographic modules and algorithms used by the U.S. government and other organizations. To be FIPS-compliant means that you are meeting the minimum security requirements defined by FIPS publications. You can run Application Security in a FIPS-compliant environment running on Red Hat Enterprise Linux 9 (RHEL 9). While there is no configuration required to run Application Security in a FIPS environment, you must ensure that LDAP servers, SMTP servers, and webhooks are configured as secure connections or you will receive an error in Application Security.
For instructions on how to configure FIPS-compliant cryptography, see the RHEL 9 documentation.
Before you run Application Security in a FIPS environment:
Ensure that you are using Application Security version 24.4.0 or later. Otherwise, you must migrate the Application Security keystore that stores a secret.keyfile to encrypt sensitive data. For more information, see About the <fortify.home> directory.
Ensure that LDAP servers, SMTP servers, and webhooks are configured as secure connections.
The Application Security container does not support enabling FIPS mode for Java.