
Enabling FIPS

Starting with version 3.5.0, CxIAST supports the Federal Information Processing Standards (FIPS). To enable FIPS in Windows, do the following:

1. Open Local Security Policy using secpol.msc.

2. On the left pane, navigate to Security Settings > Local Policies > Security Options.

3. Navigate to the property of System Cryptography: Use FIPS Compliant algorithms for encryption, hashing, and signing.

4. Double-click to open the property, select Enabled and then click OK.

Enabling Tomcat in FIPS Mode

1. Stop the Tomcat service.

2. Verify that Microsoft Visual C++ 2015 Redistributable (x64) is installed.

3. Download the compiled tcnative-1.dll file to a folder of your choice from https://download.checkmarx.com/CxIAST/FIPS/tcnative-1.dll

4. Copy the compiled tcnative-1.dll to your Tomcat folder.

  • If you use the Tomcat server provided with your IAST installation, copy tcnative-1.dll to the tomcat\lib folder.

  • If you use your own Tomcat server, copy tcnative-1.dll to the tomcat\bin folder.

5. Navigate to tomcat\conf\server.xml and edit the following tags:

a. Enable the FIPS Mode for the APR listener:

<Listener
    className="org.apache.catalina.core.AprLifecycleListener"
    SSLEngine="on"
    FIPSMode="on"
 />

b. Configure the HTTPS connector to use the Native (OpenSSL) implementation of the SSL/TLS protocol:

<Connector
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    ...
 />

6. Restart the Tomcat service.
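
To confirm the server.xml edits from step 5 before restarting Tomcat, a check like the following can be run against the file. It is an added example, not Checkmarx or Tomcat code; the sample XML, its ports and the function name check_fips_config are constructed for illustration, and it assumes HTTPS connectors are marked SSLEnabled="true".

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

# Constructed sample: port 8443 follows step 5b, port 9443 was left on NIO.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" FIPSMode="on" />
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11AprProtocol" />
    <Connector port="9443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol" />
  </Service>
</Server>"""


def check_fips_config(server_xml: str) -> list[str]:
    """Return findings; an empty list means steps 5a and 5b are satisfied."""
    root = ET.fromstring(server_xml)
    findings = []

    # Step 5a: the APR listener must exist with SSLEngine and FIPSMode set to "on".
    listeners = [l for l in root.iter("Listener")
                 if l.get("className") == APR_LISTENER]
    if not listeners:
        findings.append("no AprLifecycleListener element found")
    for listener in listeners:
        for attr in ("SSLEngine", "FIPSMode"):
            value = listener.get(attr)
            if value != "on":
                findings.append(f'listener {attr} is {value!r}, expected "on"')

    # Step 5b: every TLS connector should name the APR protocol handler from the page.
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        protocol = conn.get("protocol")
        if protocol != APR_PROTOCOL:
            findings.append(
                f"connector on port {conn.get('port')} uses {protocol!r}, not APR")
    return findings


if __name__ == "__main__":
    for line in check_fips_config(SAMPLE_SERVER_XML) or ["server.xml matches step 5"]:
        print(line)
```

To check a real installation, pass the contents of tomcat\conf\server.xml to check_fips_config instead of the sample string.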