Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33158 | SRG-OS-000170-MOS-000094 | SV-43556r1_rule | Medium |
Description |
---|
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text ( C-41418r1_chk ) |
---|
Review system documentation to identify the FIPS 140-2 certificate for the cryptographic module. Visit the NIST web site http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm to verify the certificate is still valid. If the module is not currently FIPS validated, this is a finding. If the cryptographic module is not operating in FIPS mode, this is a finding. |
Fix Text (F-37058r1_fix) |
---|
Configure the mobile operating system's cryptographic module supporting Wi-Fi security functions to be FIPS 140-2 validated. |