UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.


Overview

Finding ID Version Rule ID IA Controls Severity
V-70193 APSC-DV-002030 SV-84815r1_rule Medium
Description
Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. If the application resides on a National Security System (NSS) it must not use a hashing algorithm weaker than SHA-256.
STIG Date
Application Security and Development Security Technical Implementation Guide 2017-01-09

Details

Check Text ( C-70669r1_chk )
Review the application components and the application requirements to determine if the application is capable of generating cryptographic hashes.

Review the application documentation and interview the application administrator to identify the cryptographic modules used by the application.

If the application is not designed to generate cryptographic hashes, this requirement is not applicable.

Have the application admin or the developer demonstrate how the application generates hashes and what hashing algorithms are used when generating a hash value.

SHA 1 is currently an approved hashing algorithm, however if SHA 2 is available, SHA 2 is recommended.

If the application resides on a National Security System (NSS) and uses an algorithm weaker than SHA-256, this is a finding.

If the application is designed to generate cryptographic hash values and the application is not configured to use SHA1, SHA2, or if the application is configured to use the MD5 hashing algorithm, this is a finding.
Fix Text (F-76429r1_fix)
Configure the application to use a FIPS-validated hashing algorithm such as SHA1 or SHA2 when creating a cryptographic hash.