UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network element must produce, control, and distribute asymmetric cryptographic keys using approved PKI Class 3 certificates or prepositioned keying material.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000217-FW-NA SRG-NET-000217-FW-NA SRG-NET-000217-FW-NA_rule Low
Description
The most secure algorithm is rendered useless if the keys cannot be kept secured. Left unprotected keys are vulnerable to duplication or modification. Duplication enables an attacker to copy a key to be used for access to the service and to steal information. An attacker may be able to modify or corrupt a key to cause a Denial of Service. Use of approved PKI Class 3 certificates or prepositioned keying material mitigates the risk to the network of duplication or modification of cryptographic keys. Producing, controlling, and distributing asymmetric cryptographic keys is not a function of the firewall.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000217-FW-NA_chk )
This requirement is NA for firewall. No fix required.
Fix Text (F-SRG-NET-000217-FW-NA_fix)
This requirement is NA for firewall. No fix required.