Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000217-NDM-NA | SRG-NET-000217-NDM-NA | SRG-NET-000217-NDM-NA_rule | Low |
Description |
---|
The most secure algorithm is rendered useless if the keys cannot be kept secured. Left unprotected keys are vulnerable to duplication or modification. Duplication enables an attacker to copy a key to be used for access to the service and to steal information. An attacker may be able to modify or corrupt a key to cause a Denial of Service. Use of approved PKI Class 3 certificates or prepositioned keying material mitigates the risk to the network of duplication or modification of cryptographic keys. Producing, controlling, and distributing asymmetric cryptographic keys is not a function of network device management. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2013-07-30 |
Check Text ( C-SRG-NET-000217-NDM-NA_chk ) |
---|
This requirement is NA for network device management. |
Fix Text (F-SRG-NET-000217-NDM-NA_fix) |
---|
This requirement is NA for network device management. |