Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000220-IDPS-000173 | SRG-NET-000220-IDPS-000173 | SRG-NET-000220-IDPS-000173_rule | | Medium |
Description |
---|
Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purpose of using encryption to protect data. Hence it is imperative that transmission of traffic that requires privacy utilize FIPS-validated cryptography. Traffic between the management console, sensor, and/or other network elements must be protected by cryptographic mechanisms. |
STIG | Date |
---|---|
IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Check Text (C-43317_chk) |
---|
Verify a FIPS-validated algorithm is used (e.g., IPSEC, SSH, TLS, AES, or 3DES). If traffic from unclassified IDPS is not configured to use FIPS-validated encryption algorithms, this is a finding. |
Fix Text (F-43317_fix) |
---|
Install a FIPS 140-2 validated cryptographic module (e.g., IPSEC, SSH, TLS, AES, or 3DES) and configure it for use with unclassified data-in-transit and data-at-rest. |