
The IDPS must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures.


Overview

Finding ID: SRG-NET-000239-IDPS-000195
Version: SRG-NET-000239-IDPS-000195
Rule ID: SRG-NET-000239-IDPS-000195_rule
IA Controls:
Severity: Medium
Description
This control is intended to address the confidentiality and integrity of system information at rest when it is located on a secondary storage device within the IDPS. It is imperative that both the system data that is generated and the device configuration data are protected.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43348_chk)
Inspect the configuration, specifically the encryption configuration.
Verify encryption is automatically used for all data in transit.
Verify the device is configured to negotiate a key exchange before full encryption takes place.
Verify the device provides full encryption capability (AES or stronger).

If the system is not configured to employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures, this is a finding.
Fix Text (F-43348_fix)
Open the device's management application and navigate to the encryption configuration screen.
Configure the device so encryption is automatically used for all data in transit.
Configure the device to negotiate a key exchange before starting full encryption transmissions.