UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Applications must employ FIPS-validated or NSA-approved cryptography to implement digital signatures.


Overview

Finding ID Version Rule ID IA Controls Severity
V-27155 SRG-APP-NA SV-34454r1_rule Medium
Description
Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or un-tested encryption algorithms undermines the purposes of utilizing encryption to protect data. The integrity and reliability of the algorithms used to generate digital signatures is just as important as those used to encrypt data. Digital signatures provide non-repudiation and authenticity of a message or document, therefore, it is imperative that applications employ FIPS validated algorithms when generating digital signatures to be applied to unclassified data and NSA approved algorithms when generating signatures to be applied to classified data. This application requirement is not applicable. This requirement is addressed by CCI-001342 which requires applications to meet policy and legal requirements regarding the use of approved encryption technology. CCI-001342 is a comprehensive cryptography requirement that mandates the use of FIPS-validation or NSA-approved cryptography when using digital signatures.
STIG Date
Application Security Requirements Guide 2011-12-28

Details

Check Text ( None )
None
Fix Text (None)
None