LearningBuilder has a FIPS compliant encryption system that is used to secure both sensitive data as well as sensitive configuration.

Sys Admin users can also view: /wiki/spaces/DOCS/pages/3475963914

Overview

LearningBuilder has a FIPS compliant encryption system that can be used to encrypt sensitive data “at rest”.

This encryption can be applied to:

/wiki/spaces/DOCS/pages/262569985 such as SSN and Driver’s License (these require the use of encryption)
Extrinsic Workflow Attributes
Uploaded files
Client Certificates

Member Identity attributes

Certain intrinsic Attributes are used specifically for identity-related purposes. These Attributes must be encrypted and can only be enabled when the Encryption system is enabled.

For more information, see /wiki/spaces/DOCS/pages/262569985

Encrypting extrinsic Workflow Attributes

Custom Workflow Attributes can be encrypted as well, by enabling the data security option when creating the Attribute:

LearningBuilder Documentation > Encryption > image-20230224-145238.png

The whole point of encrypting the data at rest is to make it unreadable at the database level, which has some usability consequences.

Encrypted extrinsic Attributes:

Cannot be exposed through systems such as OData that pull directly from the database
Cannot be searched against

Encrypted file uploads

Uploaded files are placed into a File Library. File Libraries can be configured to be encrypted.

LearningBuilder Documentation > Encryption > image-20230224-150016.png

When a user accesses a file in an encrypted library, they are warned that the file contents are sensitive and that access is logged.