Internal auditors are asking if there any documentation that shows all Laserfiche applications have secure protocols. Is there documentation on this?
Question
Question
Is there any documentation that shows all Laserfiche applications have secure protocols?
Answer
Hi Tyler,
Laserfiche applications use standard protocols such as HTTP, TCP and WCF for network communication, SMB/NFS for file operations, and SMTP/IMAP for email server communication.
It is a customer's responsibility to enable use of the secure versions of these protocols, like HTTPS. When so enabled, Laserfiche leverages the Microsoft Schannel Security Support Provider (SSP) for cryptography and encryption. Laserfiche 10.4.2 applications use TLS 1.2 by default. Earlier Laserfiche versions may target older versions of .NET Framework that require the registry updates described in KB 1013919: Configuration Information for TLS 1.2.
The support site provides a white paper on Configuring SSL/TLS Encryption in Laserfiche that may be useful to provide to your auditors. That will show them that Laserfiche can use secure protocols. You will then likely need to provide your own documentation showing your Laserfiche system is actually configured to use the secure protocols as detailed in the white paper.
Hope that helps.
Best,
Sam