What's New in Encryption in SAS 9.3

---

Overview

FIPS 140-2 is a standard that defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. In SAS 9.3, enhancements have been made to support this standard of security. SAS/SECURE and SSL now comply with the FIPS 140-2 standard.

---

General Enhancements

• SAS/SECURE now supports FIPS 140-2 encryption.
• Secure Sockets Layer (SSL) now supports FIPS 140-2 encryption.
• New option ENCRYPTFIPS specifies that encryption services will use FIPS 140-2 validated algorithms. When specified, a new INFO message is written at server start-up.
• The process for downloading SSL libraries has changed.
• If using the FIPS 140-2 standard for security, the algorithm used for hashing passwords will be SHA-256. The MD5 algorithm will continue to be used for all other security technologies.