What's New in Encryption in SAS 9.3

Overview

Encryption in SAS is affected by the following changes and enhancements in SAS:
  • FIPS 140-2 is a standard that defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. In SAS 9.3, enhancements have been made to support this standard of security. SAS/SECURE and SSL now comply with the FIPS 140-2 standard.
  • In the second maintenance release for SAS 9.3, a hot fix is available that updates the UNIX and z/OS OpenSSL version for 0.9.8.
  • In the second maintenance release for SAS 9.3, security hot fixes are available that introduce two new environment variables: SAS_SSL_MIN_PROTOCOL, supported on UNIX, Windows, and z/OS, and SAS_SSL_CIPHER_LIST, supported on UNIX and z/OS.

General Enhancements

  • SAS/SECURE now supports FIPS 140-2 encryption. See FIPS 140-2 Standards Compliance for details.
  • Secure Sockets Layer (SSL) now supports FIPS 140-2 encryption. See Secure Sockets Layer (SSL) for details.
  • New option ENCRYPTFIPS specifies that encryption services are using FIPS 140-2 validated algorithms. When specified, a new INFO message is written at server start-up. Refer to ENCRYPTFIPS System Option for details.
  • The process for downloading SSL libraries has changed. See Secure Sockets Layer (SSL) for details.
  • If using the FIPS 140-2 standard for security, the algorithm used for hashing passwords is SHA-256. The MD5 algorithm continues to be used for all other security technologies.
  • Encoded passwords are now supported for SAS data sets.
  • In the second maintenance release for SAS 9.3, a hot fix is available that updates the OpenSSL 0.9.8 version on UNIX and z/OS. For more information, see SSL Software Availability.
    In the second maintenance release for SAS 9.3, security hot fixes are available that introduce two new environment variables: SAS_SSL_MIN_PROTOCOL, supported on UNIX, Windows, and z/OS, and SAS_SSL_CIPHER_LIST, supported on UNIX and z/OS. For more information, see SAS_SSL_MIN_PROTOCOL Environment Variable and SAS_SSL_CIPHER_LIST Environment Variable.