Configure LCE for NIAP Compliance
If your organization requires your instance of LCE to meet National Information Assurance Partnership (NIAP) standards, you can configure the relevant settings for compliance.
You must run LCE 6.0.6 to configure LCE for NIAP compliance.
Before you begin:
- Confirm you have enabled the full disk encryption capabilities provided by the operating system on the host where LCE is installed.
- Contact Tenable Support for access to the following required script file:
To configure LCE for NIAP compliance:
As the root user, run the following command to create a new directory for the script file:
mkdir /path/to/fixer29/
Run the following commands to download the script file into the directory you created:
cp /path/to/download/LCE-NIAPcompliance-Oct29-fixerPkg.tgz /path/to/fixer29
Run the following command to navigate to the fixer29 directory:
cd /path/to/fixer29
Run the following command to extract the script:
tar zxf LCE-NIAPcompliance-Oct29-fixerPkg.tgz
Run the following command to start LCE-NIAPcompliance-Oct29-fixer:
./LCE-NIAPcompliance-Oct29-fixer
Run the following commands to enable NIAP-compliant settings:
LCE secures communications with TLS 1.2 and the following cipher suites: ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-SHA384, or ECDHE-RSA-AES256-GCM-SHA384.
Note: Enabling NIAP mode encrypts communications for the following:
- Receiving the encrypted TCP syslog. For more information, see Receiving Encrypted Syslog.
- Sending vulnerability reports to Tenable.sc.
- Downloading plugin updates.
- Web UI server and desktop browser.
(Optional) Run the following commands to view your NIAP settings and enabled cipher suites:
undoc-config --get wwwd NIAP_COMPLIANT
- If you connect LCE to Tenable.sc, you must use certificates to authenticate the connection. For more information, see Manual Key Exchange with Tenable.sc.
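The following is an added example, not part of Tenable's documentation or the fixer script: a shell function that reads `openssl s_client` output and passes only when the session used TLS 1.2 with one of the cipher suites listed above. The sample transcripts are constructed, and HOST and PORT are placeholders for your LCE listener.

```shell
# Added example (not Tenable code): audit s_client output for NIAP-mode TLS.
# Cipher suites copied from the page.
NIAP_CIPHERS="ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-GCM-SHA384"

# Print the value of the first "<name> : <value>" line in $1 whose name is $2.
session_field() {
    printf '%s\n' "$1" | awk -F: -v want="$2" '
        { name = $1; gsub(/[ \t\r]/, "", name) }
        !found && name == want { v = $2; gsub(/[ \t\r]/, "", v); print v; found = 1 }'
}

# Read s_client output on stdin. Return 0 only for TLSv1.2 with a listed suite.
check_niap_session() {
    transcript=$(cat)
    proto=$(session_field "$transcript" Protocol)
    cipher=$(session_field "$transcript" Cipher)
    # A rejected handshake still prints a session block, with Cipher 0000.
    if [ -z "$cipher" ] || [ "$cipher" = "0000" ]; then
        echo "FAIL: no cipher negotiated"
        return 2
    fi
    if [ "$proto" != "TLSv1.2" ]; then
        echo "FAIL: protocol ${proto:-unknown}"
        return 1
    fi
    for allowed in $NIAP_CIPHERS; do
        if [ "$cipher" = "$allowed" ]; then
            echo "PASS: $proto $cipher"
            return 0
        fi
    done
    echo "FAIL: cipher $cipher is not in the NIAP list"
    return 1
}

# Constructed transcripts (not captured from a real LCE host).
SAMPLE_OK='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_WEAK='New, TLSv1.2, Cipher is AES256-SHA
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA'

printf '%s\n' "$SAMPLE_OK" | check_niap_session
printf '%s\n' "$SAMPLE_WEAK" | check_niap_session || true
# Live use (HOST and PORT are placeholders for your LCE listener):
#   openssl s_client -connect HOST:PORT </dev/null 2>/dev/null | check_niap_session
```

Run the check once per encrypted channel named in the note above to see what each listener actually negotiates.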