The network device must produce, control, and distribute symmetric and asymmetric cryptographic keys using NSA-approved key management technology and processes.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000216-NDM-000159	SRG-NET-000216-NDM-000159	SRG-NET-000216-NDM-000159_rule		Low

Description
The most secure algorithm is rendered useless if the keys cannot be kept secured. Left unprotected keys are vulnerable to duplication or modification. Duplication enables an attacker to copy a key to be used for access to the service and to steal information. An attacker may be able to modify or corrupt a key to cause a Denial of Service. Key management is the process of generating and securely distributing keys used in the encryption process. This process includes a key management policy which includes key generation, distribution, storage, usage, lifetime duration, and destruction. Key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. In addition to being required for the effective operation of a cryptographic mechanism, effective cryptographic key management provides protection to maintain the availability of the information in the event of the loss of cryptographic keys by users.

Description

The most secure algorithm is rendered useless if the keys cannot be kept secured. Left unprotected keys are vulnerable to duplication or modification. Duplication enables an attacker to copy a key to be used for access to the service and to steal information. An attacker may be able to modify or corrupt a key to cause a Denial of Service. Key management is the process of generating and securely distributing keys used in the encryption process. This process includes a key management policy which includes key generation, distribution, storage, usage, lifetime duration, and destruction. Key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. In addition to being required for the effective operation of a cryptographic mechanism, effective cryptographic key management provides protection to maintain the availability of the information in the event of the loss of cryptographic keys by users.

STIG	Date
Network Device Management Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000216-NDM-000159_chk )
Verify the network device produces, controls, and distributes symmetric and asymmetric cryptographic keys, using NIST-approved key management technology and processes. If the network device does not produce, control, and distribute symmetric and asymmetric cryptographic keys, using NIST-approved key management technology and processes, this is a finding.

Fix Text (F-SRG-NET-000216-NDM-000159_fix)
Configure the network device to produce, control, and distribute symmetric and asymmetric cryptographic keys, using NIST-approved key management technology and processes.