The network element must employ FIPS-validated cryptography to protect information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34737	SRG-NET-000222-IDPS-NA	SV-45638r1_rule		Low

Description
Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. FIPS 140-2 Security Requirements for Cryptographic Modules can be found at the following web site: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf. Although individuals may have a security clearance, they may not have a need to know and are required to be separated from the information in question. Applications must employ FIPS validated cryptography to protect unclassified information from those individuals who do not have a need to know. Only authorized system administrators with necessary access approvals are allowed to access the IDPS. The IDPS management interface is connected only to the restricted management network. Encryption for the purpose of traffic separation is not applicable.

Description

Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. FIPS 140-2 Security Requirements for Cryptographic Modules can be found at the following web site: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf. Although individuals may have a security clearance, they may not have a need to know and are required to be separated from the information in question. Applications must employ FIPS validated cryptography to protect unclassified information from those individuals who do not have a need to know. Only authorized system administrators with necessary access approvals are allowed to access the IDPS. The IDPS management interface is connected only to the restricted management network. Encryption for the purpose of traffic separation is not applicable.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-43004r1_chk )
This requirement is NA for IDPS. No fix required.

Fix Text (F-39036r1_fix)
This requirement is NA for IDPS. No fix required.