Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000308-IDPS-000175 | SRG-NET-000308-IDPS-000175 | SRG-NET-000308-IDPS-000175_rule | | Medium |
Description |
---|
Cryptography is only as strong as the encryption algorithms employed to encrypt the data. Use of weak or untested certificates undermines the purposes of utilizing encryption to protect data. Traffic between the management console, sensor, and/or other network elements must be protected by cryptographic mechanisms. FIPS-validated cryptography is approved for use for unclassified systems. NSA-approved cryptography is approved for use for classified systems. |
STIG | Date |
---|---|
IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Check Text (C-43319_chk) |
---|
Verify that digital signatures used by the IDPS to validate the authenticity of information, firmware, or health checks use certificates that use either of the following: (i) a FIPS-validated (e.g., DoD PKI) cryptographic module; (ii) an NSA-approved cryptographic module. If NSA-approved or FIPS-validated cryptography is not used to implement digital signatures, this is a finding. |
Fix Text (F-43319_fix) |
---|
Install digital signatures that comply with DoD or NSA certificate requirements. |