What's New in Encryption in SAS 9.3

Overview

FIPS 140-2 is a standard that defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. In SAS 9.3, enhancements have been made to support this standard of security. SAS/SECURE and SSL now comply with the FIPS 140-2 standard. See FIPS 140-2 Standards Compliance for more information.

General Enhancements

  • SAS/SECURE now supports FIPS 140-2 encryption. See FIPS 140-2 Standards Compliance for details.
  • Secure Sockets Layer (SSL) now supports FIPS 140-2 encryption. See Secure Sockets Layer (SSL) for details.
  • New option ENCRYPTFIPS specifies that encryption services will use FIPS 140-2 validated algorithms. When specified, a new INFO message is written at server start-up. Refer to ENCRYPTFIPS System Option for details.
  • The process for downloading SSL libraries has changed. See Secure Sockets Layer (SSL) for details.
  • If using the FIPS 140-2 standard for security, the algorithm used for hashing passwords will be SHA-256. The MD5 algorithm will continue to be used for all other security technologies.
  • Encoded passwords are now supported for SAS data sets.
Copyright © SAS Institute Inc. All rights reserved.