The network element must employ FIPS-validated cryptography to protect information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34187 | SRG-NET-000222-DNS-NA | SV-44659r1_rule | Medium |
| Description |
|---|
| Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or un-tested encryption algorithms undermines the purposes of utilizing encryption to protect data. FIPS 140-2 Security Requirements for Cryptographic Modules can be found at the following web site: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf. Although persons may have a security clearance, they may not have a need-to-know and are required to be separated from the information in question. Applications must employ FIPS validated cryptography to protect unclassified information from those individuals who do not have a need-to-know. DNS is not a general user based application; therefore, all data on the DNS platform must be secured. Only those with a need-to-know should be granted access to a DNS platform and there would be no need to separate the data. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42164r1_chk ) |
|---|
| This is not a function of DNS. |
| Fix Text (F-38114r1_fix) |
|---|
| This requirement is NA for DNS. No fix required. |