The mobile operating system must employ NSA approved cryptography to protect classified information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33159	SRG-OS-000171-MOS-000095	SV-43557r1_rule		High

Description
Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or un-tested encryption algorithms undermines the purposes of utilizing encryption to protect data. The most common vulnerabilities with cryptographic modules are those associated with poor implementation. NSA approval is required for cryptography for classified data and applications and provides assurance that the implementation is adequately protected against attack.

Description

Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or un-tested encryption algorithms undermines the purposes of utilizing encryption to protect data. The most common vulnerabilities with cryptographic modules are those associated with poor implementation. NSA approval is required for cryptography for classified data and applications and provides assurance that the implementation is adequately protected against attack.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41419r1_chk )
Review system documentation to identify that NSA has approved the cryptography used to protect classified data and applications resident on the device. If NSA has not approved the cryptography for classified data and applications, this is a finding.

Fix Text (F-37059r1_fix)
Configure the mobile operating system to employ NSA approved cryptography to protect classified information.