The mobile operating system must produce, control, and distribute cryptographic keys using NIST-approved or NSA-approved key management technology and processes if it produces, controls, or distributes cryptographic keys.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33147 | SRG-OS-000165-MOS-000085 | SV-43545r2_rule | Medium |
| Description |
|---|
| Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. NIST technology and processes must be used for unclassified applications and data. NSA technology and processes must be used for classified applications and data. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41407r1_chk ) |
|---|
| Check that the operating system uses NIST and NSA approved cryptographic key management technology and processes if it produces, controls, or distributes cryptographic keys. |
| Fix Text (F-37047r1_fix) |
|---|
| Configure the operating system to use NIST and NSA approved cryptographic key management processes. |