The MEM client S/MIME cryptographic module must be FIPS 140-2 validated.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32794 | WIR-WMS-MEM-13 | SV-43140r1_rule | ECCT-1 | Medium |
| Description |
|---|
| FIPS 140-2 validated encryption is the DoD standard for unclassified data encryption. When non-FIPS validated encryption modules are used (other than Type 1) the level of trust that sensitive DoD data cannot be compromised is not available. |
| STIG | Date |
|---|---|
| Mobile Email Management (MEM) Server Security Technical Implementation Guide (STIG) | 2013-05-08 |
Details
| Check Text ( C-41127r3_chk ) |
|---|
| Verify the MEM client S/MIME cryptographic module must be FIPS 140-2 validated. Talk to the site system administrator and have them show this capability exists in the MEM server. Also, review MEM product documentation. Mark as a finding if the MEM server does not have required features. |
| Fix Text (F-36675r3_fix) |
|---|
| Use a MEM product that has an S/MIME cryptographic module that is FIPS 140-2 validated. |