The MDM server must implement required cryptographic protections using cryptographic modules that comply with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36249 | SRG-APP-196-MDM-229-SRV | SV-47653r1_rule | Low |
| Description |
|---|
| Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. Data at rest on the phone and memory storage devices, data in transit, and critical data in memory could be applicable. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44489r1_chk ) |
|---|
| Review MDM server configuration, and NIST FIPS certificate to validate the server implements required cryptographic protections using cryptographic modules that comply with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. If the MDM server does not implement required cryptographic protections using cryptographic modules that comply with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance, this is a finding. |
| Fix Text (F-40779r1_fix) |
|---|
| Configure the MDM server to implement required cryptographic protections using cryptographic modules that comply with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. |