To SAS Viya Support Team,

Greetings,

During a security scan, we identified a critical vulnerability on the following servers where HSTS (HTTP Strict Transport Security) is not enforced on the remote web server for the DMT.EM component, in violation of RFC 6797:

1. Vulnerability Details

Component/Service: DMT.EM
Vulnerability Description: The remote web server does not enforce HSTS, leaving it susceptible to man-in-the-middle (MITM) attacks.
Affected Servers:
  Server 1
  Server 2
Vulnerability ID: 42
Remediation Recommendation: Configure the remote web server to enforce HSTS.

2. Requested Assistance

Please advise on the specific steps to enable HSTS for the DMT.EM component in the SAS Viya environment, including any configuration files or settings that need modification.

Confirm whether this requires changes to the SAS Viya configuration or can be addressed at the web server level (e.g., Apache, Nginx).

Provide guidance on verifying the successful implementation of HSTS post-configuration (e.g., using browser tools or security headers checkers).

3. Severity and Timeline

This vulnerability poses a high risk to data security. We kindly request a priority response and a detailed action plan by [Insert Deadline, e.g., 24 hours from ticket creation].

Thank you for your prompt support.

Best regards,
West
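One way to verify a response after HSTS has been configured, as an added example that is not part of the original post and is not SAS code: it applies the RFC 6797 header rules (max-age required, case-insensitive directive names, no duplicates, only the first header processed, header ignored over plain HTTP). The function names, the constructed sample headers and the one-year minimum max-age are assumptions.

```python
import re

# RFC 6797 section 6.1: directives are separated by ";", names are
# case-insensitive, max-age is REQUIRED, and no directive may appear twice.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_hsts(value):
    """Return (policy_dict, None) or (None, reason) for one header value."""
    policy = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives are allowed
            continue
        name, sep, arg = part.partition("=")
        name = name.strip().lower()
        arg = arg.strip()
        if not _TOKEN.match(name):
            return None, "malformed directive name"
        if name in policy:
            return None, "duplicate directive: " + name
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]               # quoted-string form of the value
        policy[name] = arg if sep else True
    if "max-age" not in policy:
        return None, "max-age missing"
    if policy["max-age"] is True or not re.fullmatch(r"[0-9]+", policy["max-age"]):
        return None, "max-age not a non-negative integer"
    policy["max-age"] = int(policy["max-age"])
    return policy, None

def check_response(scheme, headers, min_age=31536000):
    """Classify one response; headers is a list of (name, value) pairs."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        return "ignored: browsers only honour HSTS over HTTPS"
    if not values:
        return "fail: header absent"
    policy, err = parse_hsts(values[0])   # a browser processes only the first
    if err:
        return "fail: " + err
    if policy["max-age"] == 0:
        return "fail: max-age=0 removes the policy"
    if policy["max-age"] < min_age:       # min_age is an assumed threshold
        return "warn: max-age below %d" % min_age
    return "pass"

# Constructed sample response headers (not captured from a real server).
SAMPLE = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]
print(check_response("https", SAMPLE))
```

Feed it the scheme and header pairs captured from each affected server after the change; a result other than "pass" on the HTTPS response means a scanner would still flag the host.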