UCF STIG Viewer Logo

All data (including email and attachments) sent over the wireless link between the mobile email client and MEM server located on the DoD network must be encrypted using AES.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32789 WIR-WMS-MEM-08 SV-43135r1_rule ECCT-1 Medium
Description
AES is the DoD standard for unclassified data encryption. When other encryption algorithms are used (non-type-1) the level of trust that sensitive DoD data cannot be compromised is not available.
STIG Date
Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text ( C-41122r4_chk )
Verify the MEM client supports sending all email (including email attachments) over the wireless link between the mobile email client and MEM server located on the DoD network using AES. Verify the AES encryption key length is at least 128-bit. (AES 128-bit encryption key length is the minimum requirement; AES 256 desired.)

Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation.

Mark as a finding if the MEM server does not have required features.
Fix Text (F-36670r3_fix)
Use a MEM product that supports sending all data (including email and attachments) over the wireless link between the mobile email client and MEM server located on the DoD network using AES with an encryption key length of at least 128-bit.