Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33159 | SRG-OS-000171-MOS-000095 | SV-43557r1_rule | High |
Description |
---|
Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or un-tested encryption algorithms undermines the purposes of utilizing encryption to protect data. The most common vulnerabilities with cryptographic modules are those associated with poor implementation. NSA approval is required for cryptography for classified data and applications and provides assurance that the implementation is adequately protected against attack. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-04-12 |
Check Text ( C-41419r1_chk ) |
---|
Review system documentation to identify that NSA has approved the cryptography used to protect classified data and applications resident on the device. If NSA has not approved the cryptography for classified data and applications, this is a finding. |
Fix Text (F-37059r1_fix) |
---|
Configure the mobile operating system to employ NSA approved cryptography to protect classified information. |