Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The cryptographic module supporting encryption of data in transit (including email and attachments) must be FIPS 140-2 validated.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32706 | WIR-MOS-iOS-65-08 | SV-43052r1_rule | DCNR-1 | Medium |
| Description |
|---|
| The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. |
| STIG | Date |
|---|---|
| Apple iOS 6 Interim Security Configuration Guide (ISCG) | 2013-01-17 |
Details
| Check Text ( C-41069r7_chk ) |
|---|
| Review a sample of site managed devices (3-4), interview the IAO, and review product documentation. Note: iOS does not currently meet this requirement but a third-party application (MDM agent, email client, browser, or VPN client) should be used to meet the requirement. Verify the site uses a third-party application (MDM agent, email client, browser, or VPN client) that is FIPS 140-2 validated. Review system documentation to identify the FIPS 140-2 certificate for the cryptographic module. Visit the NIST web site http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm to verify the certificate is still valid. Mark as a finding if the site does not use a third-party application (MDM agent, email client, browser, or VPN client) that is FIPS 140-2 validated. |
| Fix Text (F-36604r3_fix) |
|---|
| Stop using the operating system until the vendor has obtained FIPS validation or install a third-party product that has a FIPS 140-2 validated cryptographic module. |