Important Notification Update - LexisNexis® Risk Solutions | TLS 1.2 Security Initiative

Document created by RSA Product Team Employee on Oct 19, 2017Last modified by RSA Product Team Employee on Oct 19, 2017
Version 2Show Document
  • View in full screen mode

Dear Customer,

 

RSA wants you to be aware of an update to the TLS 1.2 Security Initiative by LexisNexis® Risk Solutions, the provider of Knowledge Based Authentication.  This LexisNexis® Risk Solutions initiative requires your immediate attention.

 

LexisNexis® Risk Solutions has informed RSA that all LexisNexis® Risk Solutions customers are required to meet the minimum security protocol of TLS 1.2. 

 

This LexisNexis® Risk Solutions initiative, which began in early 2017, has adjusted its end date to ensure that all customers are prepared. From February 1, 2018, LexisNexis® Risk Solutions will begin to disable TLS 1.0 and 1.1 ciphers and protocols.  LexisNexis® Risk Solutions has informed RSA that customers who do not meet TLS 1.2 protocol requirements, will no longer be able to access LexisNexis® Risk Solutions systems.

 

Note: LexisNexis will disable TLS 1.0 and 1.1 in their staging environment on Tuesday, October 24, 2017 at 10:00pm EST, for customers who utilize the LexisNexis® Risk Solutions InstantID Q&A product to test their TLS 1.2 settings.

 

The Test URL in Scope is: https://staging.netview.verid.com

 

Note: RSA’s Adaptive Authentication On-Premise supports TLS 1.2 only from version 7.3 P1 onwards. Customers who use LexisNexis® Risk Solutions with Adaptive Authentication On-Premise, who do not use version 7.3 P1 or later, must upgrade their Adaptive Authentication On-premise system to meet LexisNexis® Risk Solutions requirements.  In addition, customers will need to use JAVA 8.

 

Please work directly with LexisNexis® Risk Solutions on any exception. Without the upgrade (plus JAVA 8) or an exception, API calls to LexisNexis® Risk Solutions will fail after the LexisNexis® Risk Solutions Security Initiative is implemented.

 

For additional documentation, downloads, and more, visit the RSA Adaptive Authentication page on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.

Attachments

    Outcomes