The network device must produce, control, and distribute asymmetric cryptographic keys using approved PKI Class 3 or Class 4 certificates and hardware security tokens that protect the user's private key.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000218-NDM-NA	SRG-NET-000218-NDM-NA	SRG-NET-000218-NDM-NA_rule		Low

Description
The most secure algorithm is rendered useless if the keys cannot be kept secured. Left unprotected, keys are vulnerable to duplication or modification. Duplication enables an attacker to copy a key to be used for access to the service and to steal information. An attacker may be able to modify or corrupt a key to cause a Denial of Service. Use of approved PKI certificates or prepositioned keying material mitigates the risk to the network of duplication or modification of cryptographic keys. Producing, controlling, and distributing asymmetric cryptographic keys is not a function of network device management.

Description

The most secure algorithm is rendered useless if the keys cannot be kept secured. Left unprotected, keys are vulnerable to duplication or modification. Duplication enables an attacker to copy a key to be used for access to the service and to steal information. An attacker may be able to modify or corrupt a key to cause a Denial of Service. Use of approved PKI certificates or prepositioned keying material mitigates the risk to the network of duplication or modification of cryptographic keys. Producing, controlling, and distributing asymmetric cryptographic keys is not a function of network device management.

STIG	Date
Network Device Management Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000218-NDM-NA_chk )
This requirement is NA for network device management.

Fix Text (F-SRG-NET-000218-NDM-NA_fix)
This requirement is NA for network device management.