The MEM client must alert the user if it receives a public-key certificate with a non-FIPS approved algorithm.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32784 | WIR-WMS-MEM-09 | SV-43130r1_rule | IAKM-1 IAKM-2 | Low |
| Description |
|---|
| If a DoD certificate has a non-FIPS approved algorithm, the required level of assurance that any encryption operation is secure is not available. It may be possible to compromise the integrity of data that has been encrypted by the PKI certificate. |
| STIG | Date |
|---|---|
| Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) | 2012-07-20 |
Details
| Check Text ( C-41117r3_chk ) |
|---|
| Verify the MEM client alerts the user if it receives a public-key certificate with a non-FIPS approved algorithm. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation. Mark as a finding if the MEM server does not have required features. |
| Fix Text (F-36665r2_fix) |
|---|
| Use a MEM product that alerts the user if it receives a public-key certificate with a non-FIPS approved algorithm. |