
The IDPS must employ cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.


Overview

Finding ID: V-34734
Version: SRG-NET-000219-IDPS-00157
Rule ID: SV-45634r1_rule
IA Controls:
Severity: Medium
Description
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. Using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance provides additional assurance that the cryptography has been implemented correctly. FIPS validation is a strict requirement for the use of cryptography in the Federal Government for unclassified information, as is NSA approval of cryptography for classified data and applications. This requirement applies where cryptography is required by the data owner or organizational policy to protect data in transit to or from the IDPS components or to protect data in storage on the IDPS components.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-43000r1_chk)
Verify a FIPS-validated or NSA-approved cryptographic module is installed and configured on the IDPS components to protect transmissions and data in storage.

If FIPS-validated or NSA-approved cryptography is not used, this is a finding.
Fix Text (F-39032r1_fix)
Ensure the IDPS uses cryptographic protections that employ FIPS 140-validated or NSA-approved cryptographic modules.