Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33157 | SRG-OS-000170-MOS-000093 | SV-43555r1_rule | Medium |
Description |
---|
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. Note: Bluetooth standards are being revised to specify cryptographic algorithms for which it is possible to obtain FIPS 140-2 validation for implementations of those algorithms. However, mobile devices are currently required to use Bluetooth modules that are FIPS 140-2 validated. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text ( C-41417r1_chk ) |
---|
Review system documentation to identify the FIPS 140-2 certificate for the cryptographic module. Visit the NIST web site http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm to verify the certificate is still valid. If the module is not currently FIPS validated, this is a finding. If the cryptographic module is not operating in FIPS mode, this is a finding. |
Fix Text (F-37057r1_fix) |
---|
Configure the mobile operating system's cryptographic module supporting Bluetooth data communications to be FIPS 140-2 validated. |