Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-36043 | SRG-APP-179-MDM-039-SRV | SV-47432r1_rule | | Medium |
Description |
---|
MDM server applications utilizing encryption are required to use approved encryption modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, so DoD data may be compromised due to weak algorithms. FIPS validation ensures the encryption algorithm is suitable for the DoD environment. |
STIG | Date |
---|---|
Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Check Text (C-44282r1_chk) |
---|
Review system documentation to identify the FIPS 140 certificate for the PKI key store. Visit the NIST web site http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm to verify the certificate is still valid. If the module is not currently FIPS validated, this is a finding. |
Fix Text (F-40573r1_fix) |
---|
Stop using the system until the vendor has obtained FIPS validation, or install a third-party product that contains a FIPS-validated cryptographic module providing the same services as the operating system’s non-FIPS-validated implementation of cryptography. |