UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must employ FIPS-validated cryptography to protect unclassified information.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000220-IDPS-000173 SRG-NET-000220-IDPS-000173 SRG-NET-000220-IDPS-000173_rule Medium
Description
Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Use of weak or un-tested encryption algorithms undermines the purposes of utilizing encryption to protect data. Hence it is imperative that transmission of traffic that requires privacy utilize FIPS-validated cryptography. Traffic between the management console, sensor, and/or other network elements must be protected by cryptographic mechanisms.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43317_chk )
Verify a FIPS-validated algorithm is used (e.g., IPSEC, SSH, TLS, AES, or 3DES).

If traffic from unclassified IDPS is not configured to use FIPS-validated encryption algorithms, this is a finding.
Fix Text (F-43317_fix)
Install a FIPS 140-2 validated cryptographic module (e.g., IPSEC, SSH, TLS, AES, or 3DES) and configure for use with unclassified data-in-transit and data-at-rest.