The network device must employ cryptographic protections using cryptographic modules for SSH complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000219-NDM-000163 | SRG-NET-000219-NDM-000163 | SRG-NET-000219-NDM-000163_rule | Low |
| Description |
|---|
| Whether a network is being managed locally or from a Network Operations Center (NOC), achieving network management objectives depends on comprehensive and reliable network management solutions. To protect the integrity and confidentiality of non-local maintenance and diagnostics, all packets associated with these sessions must be encrypted. During the authentication process, malicious users can gain knowledge of passwords during authentication process by sniffing local traffic between the network element and the authentication server. It is imperative the authentication process and the transmission of network management traffic implements cryptographic modules adhering to the higher standards approved by the federal government. This requirement is applicable to network device management and is not applicable to the routing function. |
| STIG | Date |
|---|---|
| Network Device Management Security Requirements Guide | 2013-07-30 |
Details
| Check Text ( C-SRG-NET-000219-NDM-000163_chk ) |
|---|
| Verify a FIPS 140-2 validated or NSA-approved cryptographic module is installed and configured on the network device to protect transmissions and data in storage. If FIPS-140-2 validated or NSA-approved cryptography is not used, this is a finding. |
| Fix Text (F-SRG-NET-000219-NDM-000163_fix) |
|---|
| Ensure the network device uses cryptographic protections which employ FIPS 140-2 validated or NSA approved cryptographic modules. |