Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The cryptographic module supporting encryption of data in transit (including email and attachments) must be FIPS 140-2 validated.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33153 | SRG-OS-000170-MOS-000089 | SV-43551r1_rule | Medium |
| Description |
|---|
| The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS 140-2 validation is also a strict requirement for use of cryptography in the Federal Government. This general IA control is applicable to all wireless interfaces but is primarily targeted at interfaces other than Wi-Fi or Bluetooth, which have their own controls. STIGs for devices that have wireless interfaces other than Wi-Fi or Bluetooth only may use those controls in lieu of this one. For other wireless interfaces, this control must be applied. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2012-10-01 |
Details
| Check Text ( C-41413r1_chk ) |
|---|
| Review system documentation to identify the FIPS 140-2 certificate for the cryptographic module. Visit the NIST web site http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm to verify the certificate is still valid. If the module is not currently FIPS validated, this is a finding. If the cryptographic module is not operating in FIPS mode, this is a finding. |
| Fix Text (F-37053r1_fix) |
|---|
| Configure the mobile operating system's cryptographic module to encrypt data in transit (including email and attachments) using FIPS 140-2 validated modules. |