IBM Rational ClearQuest's support for NIST SP 800-131A guidelines

Answer

If your organization must comply with NIST SP 800-131A guidelines, the following ClearQuest deployment configurations can help with compliance.

• Deploy ClearQuest version 8.0.1.1 or later.
• Configure ClearQuest to use enhanced cryptographic algorithms as recommended by the FIPS 140-2 guidelines. See FIPS 140-2 Approved Data Encryption.
• Host ClearQuest Web Server on an IBM WebSphere® Application Server (WAS) that has been configured to support the NIST SP 800-13A guidelines. See Configuring WAS for SP 800-131 Strict Mode and Configuring WAS for SP 800-131 Transition Mode . There is also a Rational ClearCase and ClearQuest technote that explains more about configuring WAS for NIST SP 800-131A. See Configuring TLS 1.2 in IHS and WAS for CCRC and CQ.
• ClearQuest LDAP authentication is used for conforming to the FIPS 140-2 guidelines. The connection between ClearQuest and the LDAP server should be configured to use a high level of the TLS protocol as recommended in the SP 800-131 guidelines, and as specified by your organization. See Configuring CQ for TLS1.2 or TLS1.1.

• ClearQuest cryptographic keys adhere to a minimum key strength of 112 bits for FIPS 140-2 conforming deployments.
• ClearQuest does not provide digital signature capability as defined by the guidelines. Use of the ClearQuest eSignature package does not conform to the guidelines of a digital signature since it is not using digital certificates. The eSignature package should not be applied.
• ClearQuest uses an approved Java random number generator.