This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Product Advisories

Read and subscribe to the latest announcements and advisories relating to the SecurID product.

Action Required for Upcoming Identity Router and RSA SecurID Authenticate App Security Improvements

Summary:

To strengthen the overall security of RSA SecurID Access, RSA is rolling out significant improvements that affect all identity routers and the RSA SecurID Authenticate app (iOS and Android). Changes include:

  • Improving the strength of our database encryption by using Federal Information Processing Standards (FIPS)-supported algorithms in the Cloud Authentication Service.
  • Forcing the use of Transport Layer Security (TLS) 1.2 or greater encryption for all communication from the identity routers to the Cloud Authentication Service.
  • Identity routers upgraded to SUSE Linux Enterprise Server (SLES) version 12 SP5 hardened to Security Technical Implementation Guide (STIG) standards.

To ensure uninterrupted service and avoid downtime, you must take action by the following dates.

 

Event & ActionBegin ActionEnd Action

After RSA migrates database data to FIPS-supported algorithms, the Cloud Administration Console will display a Changes Pending message. Please ignore this message as a publish is not required. This status will disappear after your next regular publish.

No customer action needed.
EMEA and ANZ regions: 8/29/2020
US region: 9/12/2020
The RSA SecurID Authenticate app version 2.x will no longer work for iOS or Android. Users must upgrade to the latest version in order to authenticate. See the advisory for details.ImmediatelyOctober 12, 2020

You must update all identity routers to the August release (version 12.10.0.0.5 or higher for on-premises identity routers and RSA_Identity_Router 12.10.0.0.6 or higher for Amazon Cloud) before the last identity router upgrade date (October 31, 2020). After October 31, RSA SecurID Access will enforce TLS1.2 for all connections. Versions of TLS earlier than 1.2 will no longer work. To ensure uninterrupted connectivity, make sure your identity routers are running at least software version 12.10.0.0.8 prior to October 31. For instructions, see Update Identity Router Software for a Cluster.
If you are using a proxy server you must ensure it also support TLS 1.2 and later.

Follow your normal upgrade schedule.

October 31, 2020

Note: A new identity router that takes advantage of hardened security and the latest operating system patches using SLES version 12 SP5 is coming in November. Watch future notifications for details.

 

For additional documentation, downloads and more, visit the RSA SecurID Access page on RSA Link.

EOPS Policy:RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.
Labels (1)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎2020-08-26 09:53 AM
Updated by:
Employee
Contributors

Related Content

Article Dashboard
© 2023 RSA Security LLC or its affiliates. All rights reserved.