
The firewall implementation must employ cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.


Overview

Finding ID: V-37299
Version: SRG-NET-000219-FW-000129
Rule ID: SV-49060r1_rule
IA Controls:
Severity: Medium
Description
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. Using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance provides additional assurance that the cryptography has been implemented correctly. FIPS validation is a strict requirement for the use of cryptography in the Federal Government for unclassified information, as is NSA approval of cryptography for classified data and applications. This requirement applies where cryptography is required by the data owner or organizational policy to protect data in transit to or from the firewall or to protect data in storage on the firewall.
STIG: Firewall Security Requirements Guide
Date: 2013-04-24

Details

Check Text (C-45547r1_chk)
Verify a FIPS 140-2 validated or NSA-approved cryptographic module is installed and configured on the firewall to protect transmissions and data in storage.

If FIPS 140-2 validated or NSA-approved cryptography is not used, this is a finding.
Fix Text (F-42224r1_fix)
Ensure the firewall uses cryptographic protections that employ FIPS 140-2 validated or NSA-approved cryptographic modules.