UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MEM client S/MIME encryption algorithm must support both 3DES and AES.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32793 WIR-WMS-MEM-12 SV-43139r1_rule ECCT-1 Medium
Description
DES and AES are the DoD standard for unclassified data encryption based on DoD PKI certificates. AES is preferred but some DoD CACs only support the 3DES encryption algorithm. When other encryption algorithms are used (non-type-1) the level of trust that sensitive DoD data cannot be compromised is not available.
STIG Date
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) 2013-01-17

Details

Check Text ( C-41126r4_chk )
Verify the MEM client S/MIME encryption algorithm supports both 3DES and AES. When AES is used, AES 128-bit encryption key length is the minimum requirement; AES 256 desired. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation.

Mark as a finding if the MEM server does not have required features.
Fix Text (F-36674r2_fix)
Use a MEM product that supports S/MIME encryption with an algorithm that supports both 3DES and AES.