
The IDPS must employ FIPS-validated or NSA-approved cryptography to implement digital signatures.


Overview

Finding ID: SRG-NET-000308-IDPS-000175
Version: SRG-NET-000308-IDPS-000175
Rule ID: SRG-NET-000308-IDPS-000175_rule
IA Controls: (none listed)
Severity: Medium
Description
Cryptography is only as strong as the encryption algorithms employed to encrypt the data. Use of weak or untested certificates undermines the purposes of utilizing encryption to protect data. Traffic between the management console, sensor, and/or other network elements must be protected by cryptographic mechanisms. FIPS-validated cryptography is approved for use for unclassified systems. NSA-approved cryptography is approved for use for classified systems.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43319_chk)
Verify that the digital signatures the IDPS uses to validate the authenticity of information, firmware, or health checks rely on certificates produced by either of the following:
(i) FIPS-validated (e.g., DoD PKI) cryptographic module.
(ii) NSA-approved cryptographic module.

If NSA-approved or FIPS-validated cryptography is not used to implement digital signatures, this is a finding.
Fix Text (F-43319_fix)
Install digital signatures that comply with DoD or NSA certificate requirements.
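As an added example (not part of the SRG or of any IDPS vendor's code), the following Python reads the signatureAlgorithm of a DER-encoded X.509 certificate with a minimal ASN.1 decoder and classifies it against the algorithm families FIPS 140 currently approves, which is a useful first pass over the certificates named in the check text. An approved algorithm is necessary but not sufficient, because the requirement is a FIPS-validated module, confirmed by its CMVP validation certificate rather than by the OID; the sample certificates below are constructed stubs, not real signed certificates.

```python
# Signature-algorithm OIDs (RFC 3279/4055/5758) -> (name, approved under FIPS 140 today?)
SIG_OIDS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", False),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", True),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", True),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", True),
}

def _tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: next N bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _oid(value):
    """Decode OID content octets (base-128 arcs) into dotted notation."""
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:                       # high bit clear ends the arc
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """OID of the outer signatureAlgorithm: Certificate ::= SEQUENCE {tbs, alg, sig}."""
    _, cert, _ = _tlv(der, 0)
    _, _, pos = _tlv(cert, 0)                  # skip tbsCertificate
    _, alg, _ = _tlv(cert, pos)                # AlgorithmIdentifier ::= SEQUENCE {OID, params}
    _, oid_octets, _ = _tlv(alg, 0)            # first element is the OBJECT IDENTIFIER
    return _oid(oid_octets)

def classify(der):
    """Return (oid, name, approved); unknown OIDs are reported as not approved."""
    oid = signature_algorithm(der)
    name, approved = SIG_OIDS.get(oid, ("unknown", False))
    return oid, name, approved

def _der(tag, content):                        # short-form encoder, sample data only
    return bytes([tag, len(content)]) + content

def sample_cert(oid_hex):
    """Constructed certificate-shaped DER (not a real signed certificate) for testing."""
    tbs = _der(0x30, b"\x02\x01\x01")                      # placeholder tbsCertificate
    alg = _der(0x30, _der(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" + b"\xaa" * 4))
```

On a real certificate, pass the DER bytes (e.g. the output of `openssl x509 -outform DER`) to `classify` and treat any `False` result as a finding to investigate.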