Compliance with US Federal Government standards
IT Analytics is compliant with the following United States Federal Government standards:
Encryption: IT Analytics uses a FIPS 140-2 cryptographic library for at-rest encryption and in-flight encryption. However, full support for FIPS 140-2 is not enabled.
Communication and data transfer: IT Analytics complies with both IPv4 and IPv6 for transferring data securely over public and private networks. SSL/TLS protocols are used for communication between networked systems. TLS 1.2 and TLS 1.3 are supported.
Network security: IT Analytics adheres to public key infrastructure (PKI) and 2-factor authentication for network security. The network can be configured to require single sign-on (SSO) in such a way that the PKI or 2-factor authentication of the SSO is inherited by IT Analytics.
On Linux, IT Analytics is supported on RHEL that is configured to be STIG compliant. The Apache, Oracle, and Tomcat subsystems of the product are STIG compliant. Application security and development requirements are met for all category-1 items as well as some category-2 and category-3 items.
Security Technical Implementation Guide (STIG): IT Analytics is supported on STIG-compliant RHEL. Moreover, the Apache, Oracle, and Tomcat subsystems are STIG compliant. The application security and development requirements adhere to the CAT 1 STIG compliance level.
IT Analytics data security at rest: IT Analytics users who want to ensure that their IT Analytics data stored in Oracle Database is encrypted at rest must use the Oracle feature Transparent Data Encryption (TDE). TDE is part of Oracle Advanced Security, which is available as an additional licensed option for Oracle Database Enterprise Edition.