UCF STIG Viewer Logo

The cryptographic module supporting encryption of the certificate store must be FIPS 140-2 validated.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36052 SRG-APP-197-MDM-048-SRV SV-47441r1_rule Medium
Description
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented correctly to ensure confidentiality of the data store. FIPS validation is also a strict requirement for use of cryptography in the Federal Government.
STIG Date
Mobile Device Manager Security Requirements Guide 2013-01-24

Details

Check Text ( C-44291r2_chk )
Review system documentation to identify the FIPS 140 certificate for the cryptographic module. Visit the NIST web site http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm to verify the certificate is still valid. If the module is not currently FIPS validated, this is a finding.
Fix Text (F-40582r1_fix)
Stop using the system until the vendor has obtained FIPS validation or install a third party product that contains a FIPS validated cryptographic module providing the same services in the operating system’s non-FIPS validated implementation of cryptography.