Hello @ArvindElayappan,
I think you have received great answer, covering most of the areas I can think of, and probably even more of that you actually need, or not.
In short I would say, that you can set many levels of security in SAS, not only SAS Web Server, but other areas as well. SAS is really powerful and elastic on such way. Different options are available for different requirements (costs, IT policies, skills, etc). And yes, SSL/certificates is only 1 way to secure your environment. Recommended, while not required.
In your case, it seems as you received an audit. I would advise to just get along with the requirements of the audit and implement what they are asking for. And if you need help, you can contact your SAS office, they will be happy to bring some support.
Could you please mark the post that helped you the most, as accepted solution? And, if the question is still not answered, please let us know, and what aspects are not clear yet.
... View more