elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[FIPS][FedRampHigh] Change server-side hashing algorithms to use Node Crypto #200723

Open kc13greiner opened 18 hours ago

kc13greiner commented 18 hours ago

Describe the feature:

Usage of 3rd party libraries for hashing and other cryptographic features makes it difficult to audit for FIPS compliance.

As we move towards our FedRampHigh and eventual FIPS 140-3 support dates, it is preferred (sometimes required!) to change the hashing algorithms we are using.

Node.js's crypto library should natively provide the functionality required for most common cases, and to reduce the number of 3rd party deps, I am proposing teams switch from their respective 3rd party libraries for compliance purposes.

Server side (Node) only for now.

| Library | Team | File |
| --- | --- | --- |
| js-sha256 | TBD | x-pack/test/cloud_integration/tests/fullstory.ts |
| js-sha256 | TBD | x-pack/plugins/stack_alerts/server/rule_types/es_query/executor.ts |
| js-sha256 | TBD | x-pack/plugins/security_solution/server/lib/telemetry/insights/insights.ts |
| js-sha256 | TBD | x-pack/plugins/security_solution/server/lib/telemetry/helpers.ts |
| js-sha256 | TBD | x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data/rule_migrations_data_resources_client.ts |
| js-sha256 | TBD | x-pack/plugins/observability_solution/synthetics/server/routes/telemetry/monitor_upgrade_sender.ts |
| js-sha256 | TBD | x-pack/plugins/observability_solution/synthetics/server/routes/telemetry/monitor_upgrade_sender.test.ts |
| object-hash | TBD | x-pack/plugins/observability_solution/apm/server/lib/connections/get_connection_stats/get_destination_map.ts |
| object-hash | TBD | x-pack/plugins/observability_solution/apm/server/lib/connections/get_connection_stats/get_stats.ts |
| object-hash | TBD | x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/create_or_update_configuration.ts |
| object-hash | TBD | x-pack/plugins/observability_solution/logs_explorer/common/hashed_cache.ts |
| object-hash | TBD | x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/utils/generate_alert_id.ts |
| object-hash | TBD | x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/wrap_suppressed_esql_alerts.ts |
| object-hash | TBD | x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/new_terms/wrap_new_terms_alerts.ts |
| object-hash | TBD | x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/new_terms/wrap_suppressed_new_terms_alerts.ts |
| object-hash | TBD | x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/query/alert_suppression/wrap_suppressed_alerts.ts |
| object-hash | TBD | x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/threshold/wrap_suppressed_threshold_alerts.ts |
| object-hash | TBD | x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/wrap_suppressed_alerts.ts |

elasticmachine commented 18 hours ago

Pinging @elastic/kibana-security (Team:Security)
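
As an added illustration of the migration proposed in the issue above (not code from Kibana or from any commenter), the sketch below shows a SHA-256 hex digest and an order-independent object hash built only on `node:crypto`. The helper names `sha256Hex`, `canonicalize`, `hashObject` and `isFipsMode` are hypothetical, and the sample object is constructed.

```javascript
// Added example, not Kibana code; helper names are hypothetical.
const { createHash, getFips } = require('node:crypto');

// True when Node's OpenSSL provider is running in FIPS mode.
function isFipsMode() {
  return getFips() === 1;
}

// SHA-256 hex digest of a string's UTF-8 bytes via the built-in module.
function sha256Hex(input) {
  return createHash('sha256').update(input, 'utf8').digest('hex');
}

// Canonical serialization: sorted keys and strict type checks, so logically
// equal objects yield one byte string and unsupported types fail loudly
// instead of silently colliding (e.g. a Map serializing as "{}").
function canonicalize(value) {
  if (value === null || typeof value === 'string' || typeof value === 'boolean') {
    return JSON.stringify(value);
  }
  if (typeof value === 'number') {
    if (!Number.isFinite(value)) throw new TypeError('non-finite number');
    return JSON.stringify(value);
  }
  if (Array.isArray(value)) {
    return '[' + value.map(canonicalize).join(',') + ']';
  }
  if (typeof value === 'object') {
    const proto = Object.getPrototypeOf(value);
    if (proto !== Object.prototype && proto !== null) {
      throw new TypeError('only plain objects are supported');
    }
    const body = Object.keys(value)
      .sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k]));
    return '{' + body.join(',') + '}';
  }
  throw new TypeError('unsupported type: ' + typeof value);
}

// Order-independent object hash built only on node:crypto.
function hashObject(obj) {
  return sha256Hex(canonicalize(obj));
}

// Constructed sample input, not taken from Kibana.
const sample = { ruleId: 'rule-1', terms: ['host-a', 'host-b'] };
console.log(isFipsMode(), hashObject(sample));
```

Digests from `hashObject` will not equal those produced by object-hash, which uses its own serialization and defaults to SHA-1, so any stored identifier derived from the old hash changes after such a migration.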