The application server must employ FIPS-validated cryptography to protect unclassified information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35342 | SRG-APP-000197-AS-000139 | SV-46629r1_rule | Medium |
| Description |
|---|
| Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Application servers must utilize FIPS-approved encryption modules when protecting unclassified sensitive data. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43710r1_chk ) |
|---|
| Review the AS configuration to determine if the AS utilizes FIPS-validated encryption modules when implementing cryptographic protection. If the AS does not meet this requirement, this is a finding. |
| Fix Text (F-39888r1_fix) |
|---|
| Configure the AS to use FIPS-approved encryption modules. |