
The IDPS must employ FIPS-validated cryptography to protect unclassified information.


Overview

Finding ID: SRG-NET-000220-IDPS-000173
Version: SRG-NET-000220-IDPS-000173
Rule ID: SRG-NET-000220-IDPS-000173_rule
IA Controls:
Severity: Medium
Description
Cryptography is only as strong as the encryption modules and algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purpose of using encryption to protect data. Hence it is imperative that transmission of traffic that requires privacy use FIPS-validated cryptography. Traffic between the management console, sensor, and/or other network elements must be protected by cryptographic mechanisms.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43317_chk)
Verify a FIPS-validated algorithm is used (e.g., IPSEC, SSH, TLS, AES, or 3DES).

If traffic from unclassified IDPS is not configured to use FIPS-validated encryption algorithms, this is a finding.
Fix Text (F-43317_fix)
Install a FIPS 140-2 validated cryptographic module (e.g., IPSEC, SSH, TLS, AES, or 3DES) and configure it for use with unclassified data-in-transit and data-at-rest.
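One way to automate the check text above for the SSH management channel, as an added example that is not part of the SRG: it parses sshd-style Ciphers and MACs directives from an IDPS sensor's configuration and reports any algorithm outside an assumed FIPS allowlist. The allowlist, the sshd_config directive format, and the sample configurations are assumptions and constructed samples, not values from the SRG or from any real product.

```python
import re

# Assumed allowlist (an assumption, not from the SRG): AES-based SSH ciphers and
# SHA-based HMACs that correspond to FIPS-approved algorithms. The SRG also
# lists 3DES; NIST has since disallowed it for encryption, so it is omitted here.
FIPS_CIPHERS = {
    "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-cbc", "aes192-cbc",
    "aes256-cbc", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
}
FIPS_MACS = {
    "hmac-sha1", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1-etm@openssh.com",
    "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
}

def parse_directives(config_text):
    """Return {'ciphers': 'a,b', 'macs': 'c,d'} from sshd-style config text.
    Comment lines are stripped; the last occurrence of a directive wins."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^(Ciphers|MACs)\s+(\S+)$", line, re.IGNORECASE)
        if m:
            found[m.group(1).lower()] = m.group(2).lower()
    return found

def audit(config_text):
    """Return a list of findings; an empty list means the check passes."""
    findings = []
    directives = parse_directives(config_text)
    for key, allowed in (("ciphers", FIPS_CIPHERS), ("macs", FIPS_MACS)):
        value = directives.get(key)
        if value is None:
            findings.append(f"{key}: directive absent, daemon defaults apply and may include non-FIPS algorithms")
            continue
        if value[0] in "+-^":
            # OpenSSH relative syntax edits the default list instead of replacing it
            findings.append(f"{key}: relative modifier '{value[0]}' keeps the default list; set an explicit allowlist")
            value = value[1:]
        bad = sorted(a for a in value.split(",") if a and a not in allowed)
        if bad:
            findings.append(f"{key}: non-FIPS algorithms enabled: {', '.join(bad)}")
    return findings

# Constructed sample configs for a sensor's management interface (not real).
NONCOMPLIANT = """# legacy ciphers and MACs left enabled
Port 22
Ciphers aes256-ctr,arcfour,blowfish-cbc
MACs hmac-sha2-256,hmac-md5
"""
COMPLIANT = """Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha2-256
"""

if __name__ == "__main__":
    for name, cfg in (("noncompliant", NONCOMPLIANT), ("compliant", COMPLIANT)):
        print(name, audit(cfg) or ["no findings"])
```

Any non-empty result is a finding under this check; the same pattern extends to TLS and IPsec configurations by swapping the directive parser and allowlist.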