Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The DBMS must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32498 | SRG-APP-000196-DB-000140 | SV-42835r1_rule | Medium |
| Description |
|---|
| Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Use of cryptography to provide confidentiality and non-repudiation is not effective unless strong methods are employed with its use. Many earlier encryption methods and modules have been broken and/or overtaken by increasing computing power. The NIST FIPS 140-2 cryptographic standards provide proven methods and strengths to employ cryptography effectively. Detailed information on the NIST Cryptographic Module Validation Program (CMVP) is available at the following web site: http://csrc.nist.gov/groups/STM/cmvp/index.html. |
| STIG | Date |
|---|---|
| Database Security Requirements Guide | 2012-07-02 |
Details
| Check Text ( C-40936r1_chk ) |
|---|
| If the DBMS has not implemented federally required cryptographic protections for the level of classification of the data it contains, this is a finding. |
| Fix Text (F-36413r1_fix) |
|---|
| Implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. |