UCF STIG Viewer Logo

The IBM Aspera High-Speed Transfer Server must enable the use of dynamic token encryption keys.


Overview

Finding ID Version Rule ID IA Controls Severity
V-252634 ASP4-TS-020180 SV-252634r818072_rule Medium
Description
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. The dynamic token encryption key is used for encrypting authorization tokens dynamically for improved security and time-limited validity which limits the chances of a key becoming compromised. NOTE: A dynamic token encryption key can be set for an individual user or a system group. Satisfies: SRG-NET-000062-ALG-000011, SRG-NET-000400-ALG-000097
STIG Date
IBM Aspera Platform 4.2 Security Technical Implementation Guide 2022-08-24

Details

Check Text ( C-56090r818070_chk )
Verify the Aspera High-Speed Transfer Server enables the use of dynamic token encryption keys with the following command:

$ sudo /opt/aspera/bin/asuserdata -a | grep dynamic

token_dynamic_key: "true"

If the "dynamic_key" setting is not set to "true", this is a finding.
Fix Text (F-56040r818071_fix)
Configure the Aspera High-Speed Transfer Server to enable the use of dynamic token encryption keys with the following command:

$ sudo asconfigurator -x "set_node_data; token_dynamic_key,true"

Restart the IBM Aspera Node service to activate the changes.

$ sudo systemctl restart asperanoded.service