UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All encrypted traffic must be decrypted prior to passing through content inspection and filtering mechanisms.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000030-NDM-NA SRG-NET-000030-NDM-NA SRG-NET-000030-NDM-NA_rule Medium
Description
Allowing traffic to bypass the security checkpoints puts the network infrastructure and critical data at risk. However, attempting to decrypt traffic which is legitimately encrypted can violate privacy laws and confidentiality of the information. There can be cases where encrypted information may legitimately traverse either the perimeter or other network devices; however, this traffic must be inspected by approved content inspection application, either before encryption or at an authorized application proxy. The network device cannot determine if content filtering has been performed on encrypted data. It is not the function of the network device to encrypt or decrypt traffic. If a VPN gateway is installed on the network device, that functionality must be inspected for compliance with VPN guidance. This requirement is applicable to specific devices and does not involve the management of a network device.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000030-NDM-NA_chk )
This requirement is NA for network device management.
Fix Text (F-SRG-NET-000030-NDM-NA_fix)
This requirement is NA for network device management.