
The IDPS must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures.


Overview

Finding ID: SRG-NET-000211-IDPS-000214
Version: SRG-NET-000211-IDPS-000214
Rule ID: SRG-NET-000211-IDPS-000214_rule
IA Controls:
Severity: Medium
Description
If the organization is relying on a commercial service provider for transmission services as a commodity item rather than a fully dedicated service for both internal and external connectivity, it may be more difficult to obtain the necessary assurances regarding the implementation of needed security controls for transmission confidentiality. When it is infeasible or impractical to obtain the necessary security controls and assurances of control effectiveness through appropriate contracting vehicles, the organization either implements appropriate compensating security controls or explicitly accepts the additional risk.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43376_chk)
Inspect the device's encryption configuration.
Verify encryption is automatically used for all data in transit.
Verify the device is configured to negotiate a key exchange before full encryption takes place.
Verify the device provides full encryption capability (AES or stronger).

If the system is not configured to use cryptographic mechanisms to protect information in transit, this is a finding.
Fix Text (F-43376_fix)
Open the management application and navigate to the encryption configuration screen.
Configure the device so encryption is automatically used for all data in transit.
Configure the device to negotiate a key exchange before starting full encryption transmissions.