
The IDPS must employ FIPS-validated cryptography to protect information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals.


Overview

Finding ID: SRG-NET-000222-IDPS-000174
Version: SRG-NET-000222-IDPS-000174
Rule ID: SRG-NET-000222-IDPS-000174_rule
IA Controls: (none listed)
Severity: Medium
Description
Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. FIPS-validated cryptography must be used to protect information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals. Traffic between the management console, sensor, and/or other network elements must be protected by cryptographic mechanisms.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43318_chk)
Verify a FIPS-validated cryptographic module is used for traffic separation. Verify separation policy is based on authorization privileges identified for each authorized system administrator.

If FIPS-validated cryptography is not used for traffic separation based on authorization levels for each system administrator, this is a finding.
Fix Text (F-43318_fix)
Configure the FIPS-validated cryptographic module for traffic separation. Configure the traffic separation implementation based on authorization privileges identified for each authorized system administrator.