UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The PKI key store of the MDM server must be FIPS validated.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36043 SRG-APP-179-MDM-039-SRV SV-47432r1_rule Medium
Description
MDM server applications utilizing encryption are required to use approved encryption modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified, and cannot be relied upon to provide confidentiality or integrity and DoD data may be compromised due to weak algorithms. FIPS validation ensures the encryption algorithm is suitable for the DoD environment.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44282r1_chk )
Review system documentation to identify the FIPS 140 certificate for the PKI key store. Visit the NIST web site http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm to verify the certificate is still valid. If the module is not currently FIPS validated, this is a finding.
Fix Text (F-40573r1_fix)
Stop using the system until the vendor has obtained FIPS validation or install a third party product that contains a FIPS validated cryptographic module providing the same services in the operating system’s non-FIPS validated implementation of cryptography.