Security and Compliance
Compliance with FIPS
Digital security is the highest priority at Thales. To ensure top-notch security for customers, SafeNet Authentication Service (SAS) adheres to the Federal Information Processing Standards (FIPS), which are encouraged and shared by the US government and help with cyber risk management. This means that FIPS-approved algorithms are used for cryptographic operations in the SAS application, including cryptographic key generation, storage and distribution. The following sections outline how to configure and verify FIPS compliance on SAS machines.
The Microsoft security application EMET 5.52 is removed from SafeNet Authentication Service and is no longer part of SAS PCE compliance practice.
Configure FIPS Mode in SAS Machine
You can enable FIPS mode in your SAS machine by using the following instructions:
- Press the Windows icon on the Taskbar and type Local Group Policy Editor in the search box. The Local Group Policy Editor window is displayed.
- In the left pane, click Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
- Enable System Cryptography: Use FIPS compliant algorithms for encryption, hashing and signing.
Verify FIPS Compliance in SAS Machine
While non-FIPS compliant versions are still supported by SAS PCE, customers may face technical limitations even after enabling FIPS mode in their existing setup. It is recommended to upgrade to version 3.19 or later (as and when available) to make your SAS PCE application fully FIPS compliant.
To check whether FIPS security algorithms are compatible with your application, you need to determine the cipher key length. SAS PCE 3.19 is equipped with cryptographic algorithm enhancements which allow users to verify the cipher key length in the event logs of their Windows machine.
If you are using older versions of SAS PCE, you must upgrade to 3.19 or later (as and when available) to view the cipher key length data.
To verify the cipher key length, follow these steps:
- Log in to SAS as an administrator. The event information is logged.
- In the Event Viewer app, navigate to Windows Logs > Application to access event log information.
- In the event log list, double-click the latest information as shown in the above image. The Event Properties window opens, displaying the cipher key length in the General section.
The standard cipher key length values compatible with FIPS algorithms are 16, 24 and 32 bytes. If any other cipher key length value is displayed for your login event, contact Thales Customer Support for assistance with data migration in FIPS-on mode.
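Both checks above (the FIPS policy setting and the logged cipher key length) can also be scripted. The following PowerShell script is an added example, not part of the Thales documentation or of SAS. The registry path is the standard Windows location backing the FIPS security option; the event message pattern and the Information level of the SAS login event are assumptions to adjust to what Event Properties shows on your machine.

```powershell
# Added example, not Thales code. Run on the SAS machine after an administrator login to SAS.

# The "System cryptography: Use FIPS compliant algorithms..." security option
# is stored in this registry value (1 = enabled).
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$fipsOn  = (Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled -eq 1

# Key lengths (in bytes) listed above as compatible with FIPS algorithms.
$allowed = 16, 24, 32

# ASSUMPTION: the event text contains "key length" followed shortly by a number.
# Adjust the pattern to the wording shown in Event Properties > General.
$pattern = '(?i)key\s*length\D{0,20}(\d+)'

# ASSUMPTION: the SAS login event is written at Information level (Level 4).
# Scope: Windows Logs > Application, last 24 hours.
$filter = @{ LogName = 'Application'; Level = 4; StartTime = (Get-Date).AddDays(-1) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern }

if (-not $events) {
    Write-Warning 'No event with a cipher key length found. Log in to SAS as an administrator, then rerun.'
    [pscustomobject]@{ FipsPolicyOn = $fipsOn; KeyLengthBytes = $null; KeyLengthIsFips = $null }
}
else {
    # Get-WinEvent returns newest first, so the first match is the latest login event.
    $latest = $events | Select-Object -First 1
    $null   = $latest.Message -match $pattern
    $length = [int]$Matches[1]

    [pscustomobject]@{
        TimeCreated     = $latest.TimeCreated
        Provider        = $latest.ProviderName
        FipsPolicyOn    = $fipsOn
        KeyLengthBytes  = $length
        KeyLengthIsFips = $allowed -contains $length
    }
}
```

If `KeyLengthIsFips` is `False`, the value falls outside 16, 24 and 32 bytes and the support step described above applies.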