The cryptographic module supporting encryption of data in transit (including email and attachments) must be FIPS 140-2 validated.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36159	SRG-APP-197-MDM-159-MDM	SV-47563r1_rule		Medium

Description
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. This requirement applies to any secure connection between the server and other IT resource, including the secure communications tunnel between the MDM server and managed mobile devices.

Description

The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. This requirement applies to any secure connection between the server and other IT resource, including the secure communications tunnel between the MDM server and managed mobile devices.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44399r1_chk )
Review the MDM server configuration to ensure the cryptographic module supporting encryption of data in transit (including email and attachments) is FIPS 140-2 validated. If it is not, this is a finding.

Fix Text (F-40689r1_fix)
Configure the MDM server cryptographic module supporting encryption of data in transit (including email and attachments) to be FIPS 140-2 validated.