Encryption
LearningBuilder has a FIPS-compliant encryption system that is used to secure both sensitive data and sensitive configuration.
Sys Admin users can also view: https://heuristicsolutions.atlassian.net/wiki/spaces/DOCS/pages/3475963914
Overview
LearningBuilder has a FIPS-compliant encryption system that can be used to encrypt sensitive data “at rest”.
This encryption can be applied to:
“Identity” attributes such as SSN and Driver’s License (these require the use of encryption)
Extrinsic Workflow Attributes
Uploaded files
Client Certificates
Technical details
Sensitive data are encrypted with AES using 128-bit block size, Cipher Block Chaining, and PKCS7 padding.
Encryption keys are securely stored in a secrets vault separate from the LearningBuilder application and database.
Member Identity attributes
Certain intrinsic Attributes are used specifically for identity-related purposes. These Attributes must be encrypted and can only be enabled when the Encryption system is enabled.
For more information, see Member Identity Fields (SSN, Passport, Drivers License, FEIN)
Encrypting extrinsic Workflow Attributes
Custom Workflow Attributes can also be encrypted by enabling the data security option when creating the Attribute.
The whole point of encrypting the data at rest is to make it unreadable at the database level, which has some usability consequences.
Encrypted extrinsic Attributes:
Cannot be exposed through systems such as OData that pull directly from the database
Cannot be searched against
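The following added example (not LearningBuilder code) shows AES in CBC mode with PKCS7 padding, as listed under Technical details, and why a value stored this way cannot be matched by a query that only sees the database. The 256-bit key, the fresh random IV per value, the IV-prefixed storage layout and all function names are assumptions; the sample value is constructed.

```javascript
// Added illustration, not LearningBuilder code. Key size, IV handling and the
// stored layout (IV || ciphertext) are assumptions made for this demo.
const nodeCrypto = require('node:crypto');

const BLOCK = 16; // AES block size: 128 bits

// Encrypt one attribute value with AES-CBC. Node applies PKCS7 padding by default.
function encryptAttribute(key, plaintext) {
  const iv = nodeCrypto.randomBytes(BLOCK); // fresh IV per value (assumption)
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, body]); // what the database column would hold
}

// Decrypt a stored value; only possible for a caller holding the key.
function decryptAttribute(key, stored) {
  const iv = stored.subarray(0, BLOCK);
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', key, iv);
  const plain = Buffer.concat([decipher.update(stored.subarray(BLOCK)), decipher.final()]);
  return plain.toString('utf8');
}

// PKCS7 always adds 1 to 16 bytes, so a plaintext that already fills a block
// exactly still gains one full block of padding.
function paddedLength(plainLen) {
  return (Math.floor(plainLen / BLOCK) + 1) * BLOCK;
}

// A database-level equality search can only compare stored bytes against an
// encryption of the search term; with a fresh IV the bytes never line up.
function dbLevelSearch(key, rows, term) {
  const probe = encryptAttribute(key, term);
  return rows.filter((row) => row.equals(probe));
}

function demo() {
  const key = nodeCrypto.randomBytes(32); // stands in for a key fetched from the vault
  const value = '000-00-0000';            // constructed sample value
  const rows = [encryptAttribute(key, value), encryptAttribute(key, value)];
  return {
    sameCiphertext: rows[0].equals(rows[1]),          // same plaintext, different bytes
    bodyLength: rows[0].length - BLOCK,               // 11 bytes pad up to 16
    searchHits: dbLevelSearch(key, rows, value).length,
    roundTrip: decryptAttribute(key, rows[0]),
  };
}
```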
Encrypted file uploads
Uploaded files are placed into File Libraries. File Libraries can be configured to be encrypted.
When a user accesses a file in an encrypted library, they are warned that the file contents are sensitive and that access is logged.