The MDM server must produce, control, and distribute symmetric cryptographic keys using NIST-approved or NSA approved key management technology and processes.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36243	SRG-APP-192-MDM-225-SRV	SV-47647r1_rule		Medium

Description
Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44483r1_chk )
Review MDM server configuration, and NIST FIPS certificate to validate the server produces, controls, and distributes symmetric cryptographic keys using NIST-approved or NSA approved key management technology and processes. If the MDM server does not produce, control, and distribute symmetric cryptographic keys using NIST-approved or NSA approved key management technology and processes, this is a finding.

Check Text ( C-44483r1_chk )

Review MDM server configuration, and NIST FIPS certificate to validate the server produces, controls, and distributes symmetric cryptographic keys using NIST-approved or NSA approved key management technology and processes. If the MDM server does not produce, control, and distribute symmetric cryptographic keys using NIST-approved or NSA approved key management technology and processes, this is a finding.

Fix Text (F-40773r1_fix)
Configure the MDM server to produce, control, and distribute symmetric cryptographic keys using NIST-approved or NSA approved key management technology and processes.