Enabling FIPS

Starting with version 3.5.0, CxIAST supports the Federal Information Processing Standards (FIPS). To enable FIPS in Windows, do the following:

  1. Open Local Security Policy using secpol.msc.

  2. On the left pane, navigate to Security Settings > Local Policies > Security Options.

  3. Locate the policy System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.

  4. Double-click to open the property, select Enabled and then click OK.

Enabling Tomcat in FIPS Mode

To enable the Tomcat service in FIPS mode, do the following:

  1. Stop the Tomcat service.

  2. Verify that Microsoft Visual C++ 2015 Redistributable (x64) is installed.

  3. Download the compiled tcnative-1.dll file to a folder of your choice from https://download.checkmarx.com/CxIAST/FIPS/tcnative-1.dll

  4. Copy the compiled tcnative-1.dll to your Tomcat folder.

    • If you use the Tomcat server provided with your IAST installation, copy tcnative-1.dll to the tomcat\lib folder.

    • If you use your own Tomcat server, copy tcnative-1.dll to the tomcat\bin folder.

  5. Navigate to tomcat\conf\server.xml and edit the following tags:

    1. Enable the FIPS Mode for the APR listener:

      <Listener
          className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on"
          FIPSMode="on"
       />
    2. Configure the HTTPS connector to use the Native (OpenSSL) implementation of the SSL/TLS protocol:

      <Connector
          protocol="org.apache.coyote.http11.Http11AprProtocol"
          ...
       />
  6. Restart the Tomcat service.
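
To confirm both procedures took effect, the following read-only PowerShell check can be run after the restart. It is an added example, not part of the Checkmarx documentation or product. The function name `Test-FipsSetup`, the default `C:\tomcat` path, and the use of `SSLEnabled="true"` to identify the HTTPS connector are assumptions.

```powershell
param([string]$TomcatHome = 'C:\tomcat')   # assumed install path; adjust to yours

function Test-FipsSetup {                  # hypothetical helper name
    param([Parameter(Mandatory)][string]$TomcatHome)
    $findings = @()

    # The Local Security Policy setting is stored in this registry value (1 = enabled).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $policy = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    if (-not $policy -or $policy.Enabled -ne 1) {
        $findings += 'Windows FIPS policy is not enabled'
    }

    # tcnative-1.dll belongs in tomcat\lib (bundled Tomcat) or tomcat\bin (own Tomcat).
    $dll = 'lib', 'bin' |
        ForEach-Object { Join-Path $TomcatHome "$_\tcnative-1.dll" } |
        Where-Object { Test-Path $_ }
    if (-not $dll) { $findings += 'tcnative-1.dll not found in tomcat\lib or tomcat\bin' }

    # Inspect the listener and connector settings in conf\server.xml.
    $conf = Join-Path $TomcatHome 'conf\server.xml'
    if (-not (Test-Path $conf)) { return $findings + "server.xml not found: $conf" }
    $xml = [xml](Get-Content -Path $conf -Raw)

    $apr = @($xml.SelectNodes('//Listener') | Where-Object {
        $_.GetAttribute('className') -eq 'org.apache.catalina.core.AprLifecycleListener' })
    if ($apr.Count -eq 0) { $findings += 'AprLifecycleListener is missing from server.xml' }
    foreach ($l in $apr) {
        if ($l.GetAttribute('SSLEngine') -ne 'on') { $findings += 'APR listener: SSLEngine is not set to "on"' }
        if ($l.GetAttribute('FIPSMode') -ne 'on') { $findings += 'APR listener: FIPSMode is not set to "on"' }
    }

    # Assumption: an HTTPS connector is any Connector with SSLEnabled="true".
    $https = @($xml.SelectNodes('//Connector') | Where-Object {
        $_.GetAttribute('SSLEnabled') -eq 'true' })
    if ($https.Count -eq 0) { $findings += 'No Connector with SSLEnabled="true" found' }
    foreach ($c in $https) {
        if ($c.GetAttribute('protocol') -ne 'org.apache.coyote.http11.Http11AprProtocol') {
            $findings += "HTTPS connector on port $($c.GetAttribute('port')) does not use Http11AprProtocol"
        }
    }
    return $findings
}

$result = Test-FipsSetup -TomcatHome $TomcatHome
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'FIPS configuration checks passed.' }
```

The script changes nothing on the host; each warning names the step that still needs attention.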